54 replies to this topic

[MWybiral]

Hello
I am new to this and don't know much about computers...so please bear with me.

My computer detected a virus one day with Avira, my anti-virus program. It was called Worm/Vb.DW. Since then, it has come back everytime I run a scan or start my computer. Recently, it has been accompanied by a trojan virus, TR/Killwin.BL. Some of my programs (such as Paint and Calculator) have stopped working, my husband says it is because my "dll's" have been moved from their original place. Now, yesterday and today, when I try to start up my computer, it freezes 2-3 times before it will start. My computer is an HP Pavillion notebook with Windows XP, with Mozilla Firefox as a browser. I hope this information is useful. Can anyone help me?

Logfile of HijackThis v1.99.1
Scan saved at 2:41:19 PM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Documents and Settings\Melaney\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msconfiger] msconfiger.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [msconfiger] msconfiger.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D7EBE188-81B2-4511-A030-239FBFD3D7BD} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143872145046
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Component (NVIDIADriverHlp) - Unknown owner - C:\WINDOWS\nvsvc32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Susan528]

Hello and Welcome to TomCoyote,

Let's start with a couple scans first. Please do the following:


STEP 1.
======
SpySweeper

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless you are instructed to.


Download the trial version of Spy Sweeper from Here

• Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper) You will be prompted to check for updated definitions, please do so.
  (This may take several minutes)
• Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
• Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!
• When the sweep has finished, click Remove. Click Select All and then Next
• From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.
• Exit Spy Sweeper.

STEP 2.
======
Ewido Trojan Scanner
Please download, install, and update the NEW free version of Ewido trojan scanner:

• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
• From the main ewido screen, click on update in the left menu, then click the Start update button.
• After the update finishes (the status bar at the bottom will display "Update successful")
• Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
• If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
• When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Empty Recycle Bin
Reboot

Please post the results from SpySweeper, ewido and a new hijackthis log.

[MWybiral]

Sorry it took me so long, I was having trouble with my internet. Here are the scans: SpySweeper: ******** 9:43 PM: | Start of Session, Thursday, June 15, 2006 | 9:43 PM: Spy Sweeper started 9:43 PM: Sweep initiated using definitions version 700 9:43 PM: Found Adware: exact navisearch 9:43 PM: HKCR\clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\inprocserver32\ (2 subtraces) (ID = 1353162) 9:43 PM: nvms.dll (ID = 1353162) 9:43 PM: Found Adware: exact bullseye 9:43 PM: HKCR\clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}\inprocserver32\ (2 subtraces) (ID = 1353167) 9:43 PM: msbe.dll (ID = 1353167) 9:43 PM: Starting Memory Sweep 9:43 PM: Detected running threat: C:\WINDOWS\system32\nvms.dll (ID = 50797) 9:43 PM: Detected running threat: C:\WINDOWS\system32\msbe.dll (ID = 163129) 9:50 PM: Found Adware: exact cashback/bargain buddy 9:50 PM: Detected running threat: C:\Program Files\BullsEye Network\bin\bargains.exe (ID = 50547) 9:50 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || BullsEye Network (ID = 0) 9:50 PM: Detected running threat: C:\Program Files\NaviSearch\bin\nls.exe (ID = 50784) 9:50 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || NaviSearch (ID = 0) 9:51 PM: Memory Sweep Complete, Elapsed Time: 00:07:57 9:51 PM: Starting Registry Sweep 9:51 PM: HKCR\adp.urlcatcher\ (3 subtraces) (ID = 104001) 9:51 PM: HKCR\adp.urlcatcher\ (3 subtraces) (ID = 104001) 9:51 PM: HKCR\adp.urlcatcher\ (3 subtraces) (ID = 104001) 9:51 PM: HKCR\clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\ (9 subtraces) (ID = 104006) 9:51 PM: HKCR\clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}\ (9 subtraces) (ID = 104008) 9:51 PM: HKLM\software\bargains\ (34 subtraces) (ID = 104012) 9:51 PM: HKLM\software\classes\adp.urlcatcher\ (3 subtraces) (ID = 104013) 9:51 PM: HKLM\software\classes\adp.urlcatcher\ (3 subtraces) (ID = 104013) 9:51 PM: HKLM\software\classes\clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}\ (9 subtraces) (ID = 104016) 9:51 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}\ (1 subtraces) (ID = 104025) 9:51 PM: HKLM\software\microsoft\windows\currentversion\run\ || bullseye network (ID = 104028) 9:51 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bargainbuddy\ (8 subtraces) (ID = 104030) 9:51 PM: Found Adware: exactsearch.net hijack 9:51 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125858) 9:51 PM: HKCR\adp.urlcatcher.1\ (3 subtraces) (ID = 135552) 9:51 PM: HKCR\nls.urlcatcher.1\ (3 subtraces) (ID = 135565) 9:51 PM: HKCR\nls.urlcatcher\ (3 subtraces) (ID = 135566) 9:51 PM: HKLM\software\classes\nls.urlcatcher.1\ (3 subtraces) (ID = 135575) 9:51 PM: HKLM\software\classes\nls.urlcatcher\ (3 subtraces) (ID = 135576) 9:51 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\ (1 subtraces) (ID = 135578) 9:51 PM: HKLM\software\microsoft\windows\currentversion\run\ || navisearch (ID = 135582) 9:51 PM: HKLM\software\microsoft\windows\currentversion\uninstall\navisearch\ (10 subtraces) (ID = 135584) 9:51 PM: HKLM\software\navisearch\ (28 subtraces) (ID = 135585) 9:51 PM: HKLM\software\microsoft\windows\currentversion\uninstall\navisearch\ (10 subtraces) (ID = 498471) 9:51 PM: HKLM\software\exactutil\ || etserver (ID = 509557) 9:51 PM: HKLM\software\exactutil\ || newpartnername (ID = 509559) 9:51 PM: HKLM\software\exactutil\ || system (ID = 509561) 9:51 PM: HKLM\software\exactutil\ || utilfolder (ID = 509699) 9:51 PM: HKLM\software\exactutil\ || partnerid (ID = 509702) 9:51 PM: HKLM\software\microsoft\windows\currentversion\run\ || navisearch (ID = 601633) 9:51 PM: HKLM\software\bargains\ (34 subtraces) (ID = 646495) 9:51 PM: HKLM\software\classes\adp.urlcatcher.1\ (3 subtraces) (ID = 646636) 9:51 PM: HKLM\software\classes\clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\ (9 subtraces) (ID = 646656) 9:51 PM: HKCR\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\ (9 subtraces) (ID = 651023) 9:51 PM: HKLM\software\classes\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3}\ (9 subtraces) (ID = 651255) 9:51 PM: HKLM\software\exactutil\ || buildnumber (ID = 728386) 9:51 PM: HKLM\software\exactutil\ || ccode (ID = 728389) 9:51 PM: Found Adware: maxifiles 9:51 PM: HKCR\xbtb04715.ietoolbar.1\ (3 subtraces) (ID = 1156344) 9:51 PM: HKCR\xbtb04715.ietoolbar\ (5 subtraces) (ID = 1156348) 9:51 PM: HKCR\toolband.xbtb04715.1\ (3 subtraces) (ID = 1156354) 9:51 PM: HKCR\toolband.xbtb04715\ (5 subtraces) (ID = 1156358) 9:51 PM: HKCR\xbtb04715.xbtb04715.1\ (3 subtraces) (ID = 1156364) 9:51 PM: HKCR\xbtb04715.xbtb04715\ (5 subtraces) (ID = 1156368) 9:51 PM: HKCR\clsid\{a8b0bded-64a5-495b-97da-42c0301e229b}\ (11 subtraces) (ID = 1156379) 9:51 PM: HKCR\typelib\{75e46ee7-404b-48ec-9326-c654f21f65bf}\ (9 subtraces) (ID = 1156391) 9:51 PM: HKLM\software\classes\toolband.xbtb04715\ (5 subtraces) (ID = 1156475) 9:51 PM: HKLM\software\classes\xbtb04715.xbtb04715.1\ (3 subtraces) (ID = 1156481) 9:51 PM: HKLM\software\classes\xbtb04715.xbtb04715\ (5 subtraces) (ID = 1156485) 9:51 PM: HKLM\software\classes\clsid\{a8b0bded-64a5-495b-97da-42c0301e229b}\ (11 subtraces) (ID = 1156496) 9:51 PM: HKLM\software\classes\typelib\{75e46ee7-404b-48ec-9326-c654f21f65bf}\ (9 subtraces) (ID = 1156508) 9:51 PM: HKLM\software\microsoft\windows\currentversion\uninstall\xbtb04715.xbtb04715toolbar\ (2 subtraces) (ID = 1156519) 9:51 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{a8b0bded-64a5-495b-97da-42c0301e229b}\ (1 subtraces) (ID = 1156522) 9:51 PM: HKLM\software\classes\xbtb04715.ietoolbar.1\ (3 subtraces) (ID = 1156524) 9:51 PM: HKLM\software\classes\xbtb04715.ietoolbar\ (5 subtraces) (ID = 1156528) 9:51 PM: HKLM\software\classes\toolband.xbtb04715.1\ (3 subtraces) (ID = 1156534) 9:51 PM: HKU\S-1-5-21-1182746855-3910170227-2096544635-1006\software\director\ || baseurl (ID = 980277) 9:51 PM: HKU\S-1-5-21-1182746855-3910170227-2096544635-1006\software\xbtb04715\ (70 subtraces) (ID = 1156401) 9:51 PM: Registry Sweep Complete, Elapsed Time:00:00:31 9:51 PM: Starting Cookie Sweep 9:51 PM: Found Spy Cookie: 2o7.net cookie 9:51 PM: melaney@2o7[2].txt (ID = 1957) 9:51 PM: Found Spy Cookie: customer cookie 9:51 PM: melaney@customer[2].txt (ID = 2481) 9:51 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00 9:51 PM: Starting File Sweep 9:51 PM: Found Trojan Horse: trojan downloader matcash 9:51 PM: c:\program files\common files\inetget (ID = -2147477182) 9:51 PM: c:\program files\toolbar888 (17 subtraces) (ID = -2147456311) 9:51 PM: c:\documents and settings\melaney\start menu\programs\navisearch (1 subtraces) (ID = -2147470942) 9:51 PM: c:\program files\bullseye network (7 subtraces) (ID = -2147481394) 9:51 PM: c:\program files\navisearch (4 subtraces) (ID = -2147480573) 9:51 PM: c:\documents and settings\melaney\start menu\programs\bullseye network (1 subtraces) (ID = -2147471505) 9:52 PM: basis.xml (ID = 244764) 9:54 PM: adv.exe (ID = 200336) 9:55 PM: basis.xml (ID = 244764) 9:55 PM: Found Adware: exact software 9:55 PM: exul.exe (ID = 109899) 9:58 PM: exclean.exe (ID = 267925) 9:59 PM: autoit3.exe (ID = 185254) 10:02 PM: Spy Installation Shield: found: Adware: exact software, version 1.0.0.0 -- Execution Denied 10:03 PM: exdl.exe (ID = 137145) 10:03 PM: adx.exe (ID = 200337) 10:07 PM: mqexdlm.srg (ID = 137145) 10:20 PM: exdl1.exe (ID = 137145) 10:20 PM: exul1.exe (ID = 109899) 10:20 PM: nvms.dll (ID = 50797) 10:20 PM: msbe.dll (ID = 163129) 10:23 PM: bargains.exe (ID = 50547) 10:23 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || BullsEye Network (ID = 0) 10:23 PM: exdl2.exe (ID = 137145) 10:23 PM: javexulm.vxd (ID = 109899) 10:23 PM: nls.exe (ID = 50784) 10:23 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || NaviSearch (ID = 0) 10:24 PM: Warning: Unhandled Archive Type 10:24 PM: Warning: Unhandled Archive Type 10:24 PM: Warning: Unhandled Archive Type 10:24 PM: Warning: Unhandled Archive Type 10:24 PM: Warning: Unhandled Archive Type 10:24 PM: Warning: Unhandled Archive Type 10:24 PM: Warning: Unhandled Archive Type 10:24 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unable to sweep compressed file: System Error. Code: 8. Not enough storage is available to process this command 10:25 PM: Warning: Unable to sweep compressed file: System Error. Code: 8. Not enough storage is available to process this command 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Invalid Stream 10:25 PM: Warning: Invalid Stream 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: Warning: Invalid Stream 10:25 PM: Warning: Unhandled Archive Type 10:25 PM: File Sweep Complete, Elapsed Time: 00:33:55 10:25 PM: Full Sweep has completed. Elapsed time 00:42:30 10:25 PM: Traces Found: 501 10:29 PM: Removal process initiated 10:30 PM: Quarantining All Traces: trojan downloader matcash 10:30 PM: Quarantining All Traces: maxifiles 10:30 PM: Quarantining All Traces: exact bullseye 10:30 PM: exact bullseye is in use. It will be removed on reboot. 10:30 PM: msbe.dll is in use. It will be removed on reboot. 10:30 PM: c:\program files\bullseye network is in use. It will be removed on reboot. 10:30 PM: msbe.dll is in use. It will be removed on reboot. 10:30 PM: C:\WINDOWS\system32\msbe.dll is in use. It will be removed on reboot. 10:30 PM: Quarantining All Traces: exact cashback/bargain buddy 10:30 PM: exact cashback/bargain buddy is in use. It will be removed on reboot. 10:30 PM: adv.exe is in use. It will be removed on reboot. 10:30 PM: adx.exe is in use. It will be removed on reboot. 10:30 PM: bargains.exe is in use. It will be removed on reboot. 10:30 PM: Quarantining All Traces: exact navisearch 10:30 PM: exact navisearch is in use. It will be removed on reboot. 10:30 PM: nvms.dll is in use. It will be removed on reboot. 10:30 PM: nvms.dll is in use. It will be removed on reboot. 10:30 PM: nls.exe is in use. It will be removed on reboot. 10:30 PM: C:\WINDOWS\system32\nvms.dll is in use. It will be removed on reboot. 10:30 PM: C:\Program Files\NaviSearch\bin\nls.exe is in use. It will be removed on reboot. 10:30 PM: Quarantining All Traces: exact software 10:30 PM: Quarantining All Traces: exactsearch.net hijack 10:30 PM: Quarantining All Traces: 2o7.net cookie 10:30 PM: Quarantining All Traces: customer cookie 10:30 PM: Preparing to restart your computer. Please wait... 10:30 PM: Removal process completed. Elapsed time 00:00:51 ******** Ewido: --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 3:53:13 PM, 6/18/2006 + Report-Checksum: 34BB181B + Scan result: HKLM\SOFTWARE\eXactUtil -> Adware.BargainBuddy : Cleaned with backup HKU\S-1-5-21-1182746855-3910170227-2096544635-1006\Software\DNS -> Adware.Shorty : Cleaned with backup :mozilla.19:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.20:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.21:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.22:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.23:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.24:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.25:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.26:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.27:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.28:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.29:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.30:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.31:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.32:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.33:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.34:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.35:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.36:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.37:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.38:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.39:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.40:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.41:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.42:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.43:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.44:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.45:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.46:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.47:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.48:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.49:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.50:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.51:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.52:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.53:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.54:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.55:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.56:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.57:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.58:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.59:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.60:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.61:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.62:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.63:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.64:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.65:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.66:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.67:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.68:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.70:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.73:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.74:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.75:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.76:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.77:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.83:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.84:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.85:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.86:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.87:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.88:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.95:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.96:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.97:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.98:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.99:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.100:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.101:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.102:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.103:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.118:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.119:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.120:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.121:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.122:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.123:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.124:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.125:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.126:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.127:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.131:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.132:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.133:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.134:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.138:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.139:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.140:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.149:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.150:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.164:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.165:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.166:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.167:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.181:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.182:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.183:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.184:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.185:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.186:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.187:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.188:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.189:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.190:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.191:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.192:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.195:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.196:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.221:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.222:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.223:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.224:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.225:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.230:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.231:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.232:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.233:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.234:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.235:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.236:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.237:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.242:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.243:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.244:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.245:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.260:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup :mozilla.267:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.268:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.269:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.270:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.271:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.272:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.287:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.288:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.289:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.290:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.292:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.296:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.298:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.303:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup :mozilla.304:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.307:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.308:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.310:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.350:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.351:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.356:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.359:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.361:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.364:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.365:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.368:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.369:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.370:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.371:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.372:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.373:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.374:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.375:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.381:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.387:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.395:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.396:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.400:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup :mozilla.403:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.404:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.405:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.408:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.419:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.420:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.429:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.430:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.431:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.451:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup :mozilla.463:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.465:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.466:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.467:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.522:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.523:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.536:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup :mozilla.540:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.542:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.548:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.553:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.555:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.565:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.566:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.597:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup :mozilla.605:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.607:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.608:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.621:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.622:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.623:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.641:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup :mozilla.647:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.655:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.656:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.657:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.658:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.661:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.663:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.664:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.669:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup :mozilla.670:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.683:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.692:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.693:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.695:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup :mozilla.696:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup :mozilla.697:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup :mozilla.698:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup :mozilla.700:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.703:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.704:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.709:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.730:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.732:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.735:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.743:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.744:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.745:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.746:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.758:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.759:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.778:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.779:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.780:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.781:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.786:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.787:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.788:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.789:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.790:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.791:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.801:C:\Documents and Settings\Melaney\Application Data\Mozill

[Susan528]

Hello MWybiral, It looks like the ewido log was cut off. If you can post)(reply) with the rest so that I can see it completed that would be fine. If you do not have it, don't worry. But please do post(reply) with another hijackthis log.

Edited by Susan528, 18 June 2006 - 03:25 PM.

[MWybiral]

Oops. Must have been too much.

Rest of Ewido log:

Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.802:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.805:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.807:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.810:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.812:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.813:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.814:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.815:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.816:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.818:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.819:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.820:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.821:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.822:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.824:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.825:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.826:C:\Documents and Settings\Melaney\Application Data\Mozilla\Firefox\Profiles\po18y06v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Error during cleaning


::Report End

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:54:10 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Melaney\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msconfiger] msconfiger.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [msconfiger] msconfiger.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D7EBE188-81B2-4511-A030-239FBFD3D7BD} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143872145046
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Component (NVIDIADriverHlp) - Unknown owner - C:\WINDOWS\nvsvc32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Susan528]

Download Brute Force Uninstaller.
Unzip it to a folder of it’s own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.gee...xplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture:


When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script ( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make that the following are selected:
• Scan using the following Anti-Virus database:
• Standard
• Scan Options:
• Scan Archives
• Scan Mail Bases
• Click OK
• Now under select a target to scan:
• Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button:
• Save the file to your desktop.

Please post (reply) with the results from Kapersky and another hijackthis log.

[MWybiral]

OK. I ran BFU, but after I press the button to launch Kaspersky, it gives me an option to accept or decline it's terms, and when I press "accept", it doesn't do anything. I think it may be because I don't use IE. Internet Explorer stopped working when my dll's dissappeared, so I use Mozilla Firefox.

[Susan528]

Yes, Kapersky will not work with Mozilla. I use Mozilla too. Please post (reply) with a new hijackthis log for now.

[Susan528]

Do you have your Windows installation CD? It bothers me about your IE. I would like you to try the IEFIX.

http://windowsxp.mvps.org/IEFIX.htm

[MWybiral]

I don't have the Windows disc, but here's my hijackthis log.


Logfile of HijackThis v1.99.1
Scan saved at 12:13:50 AM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Melaney\Desktop\utorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Melaney\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msconfiger] msconfiger.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\RunServices: [msconfiger] msconfiger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D7EBE188-81B2-4511-A030-239FBFD3D7BD} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143872145046
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Component (NVIDIADriverHlp) - Unknown owner - C:\WINDOWS\nvsvc32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Susan528]

I can help you clean off the malware from your system but without Internet Explorer you will not be able to download Microsoft Updates and the computer will continue to be at risk for infections. Can you contact HP and obtain some recovery cds?
http://h10025.www1.h...=reg_R1002_USEN


Please do the following scan.

STEP 1.
======
MWAV Scan
Please download MWAV to a convenient location.
This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.
This scan might take around 3+ hours to finish when set to scan everything.

Double-click on mwav.exe.
Put a check next to the below items before scanning:

• Memory
• Startup Folders
• Drive - All Local Drives
• Folder - then click "browse" to change the directory to C: (default is C:\Windows)
• Registry
• System Folders
• Services
• Include Sub-Directory
• Scan All Files

Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

[MWybiral]

Object "adware.softomate Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "adware.softomate Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "adware.softomate Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bargain buddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bargain buddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "casinoonnet Spyware/Adware" found in File System! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D2C2F50.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D2F594C.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39196576.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BC838F6 infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\73500777.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79A257AD infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DD94D43 infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DDC7740.tmp infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DE0213C infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DE0213C.tmp infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP10\A0000918.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP10\A0000919.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP10\A0000920.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0000949.exe tagged as "not-a-virus:AdWare.Win32.Trymedia.b". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0000950.exe tagged as "not-a-virus:AdWare.Win32.Trymedia.b". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0001081.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0001082.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0001083.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP13\A0001120.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP13\A0001121.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP13\A0001122.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP14\A0001170.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP14\A0001171.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP14\A0001172.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP15\A0001186.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP15\A0001188.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP15\A0001189.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP16\A0001313.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP16\A0001314.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP16\A0001315.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP17\A0001366.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP17\A0001367.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP17\A0001368.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP18\A0001438.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP18\A0001439.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP18\A0001440.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP19\A0001481.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP19\A0001482.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP19\A0001483.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP21\A0001529.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP21\A0001530.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP21\A0001531.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP22\A0001616.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP22\A0001617.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP22\A0001618.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP23\A0001634.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP23\A0001635.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP23\A0001636.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP24\A0001644.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP24\A0001645.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP24\A0001646.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP25\A0001656.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP25\A0001657.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP25\A0001658.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP26\A0001706.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP26\A0001707.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP26\A0001708.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP27\A0001726.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP27\A0001728.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP27\A0001729.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP28\A0001751.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP28\A0001752.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP28\A0001754.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP29\A0001763.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP29\A0001764.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP29\A0001765.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP30\A0001798.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP30\A0001799.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP30\A0001800.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP31\A0001854.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP31\A0001855.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP31\A0001856.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP32\A0002516.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP32\A0002517.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP32\A0002518.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP33\A0002521.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP33\A0002546.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP33\A0002547.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP34\A0002611.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP34\A0002612.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP34\A0002628.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP35\A0002686.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP35\A0002687.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP35\A0002691.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002757.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002762.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002764.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002864.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002865.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002866.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002912.exe infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002913.exe infected by "Backdoor.Win32.EggDrop.v" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002914.exe infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002915.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002916.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002917.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002918.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002934.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002935.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002936.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP38\A0002983.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP38\A0002984.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP38\A0002985.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP39\A0003019.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP39\A0003029.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP39\A0003030.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000276.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000344.srg tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000351.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000375.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP40\A0003058.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP40\A0003067.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP40\A0003069.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP41\A0003080.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP41\A0003082.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP41\A0003083.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP42\A0003089.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP42\A0003095.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP43\A0003173.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP43\A0003174.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP43\A0003175.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003211.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003212.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003230.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003231.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003232.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP45\A0003282.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP45\A0003283.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP45\A0003284.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP46\A0003323.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP46\A0003324.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP46\A0003325.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP47\A0003398.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP47\A0003399.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP47\A0003400.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP48\A0003431.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP48\A0003432.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP48\A0003433.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP49\A0003442.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP49\A0003443.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP49\A0003444.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0003449.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0003450.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0003451.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0004380.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0004381.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0004382.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP51\A0004390.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP51\A0004391.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP51\A0004392.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP52\A0004424.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP52\A0004425.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP52\A0004426.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0004440.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0004441.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0004442.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0004447.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0004448.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0004449.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0004476.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0004477.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0004478.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP56\A0004484.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP56\A0004485.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP56\A0004486.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP57\A0005540.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP57\A0005541.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP57\A0005542.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP58\A0006524.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP58\A0006525.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP58\A0006526.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0006571.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0006572.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0006574.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP60\A0007524.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP60\A0007525.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP60\A0007526.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP61\A0007537.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP61\A0007538.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP61\A0007539.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0007544.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP63\A0007547.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP64\A0007550.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP65\A0007583.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP65\A0007586.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0007594.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP68\A0007627.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP68\A0007628.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007653.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007656.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007657.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007658.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.ae". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007659.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007661.vxd tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007662.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007663.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007664.srg tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007665.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007667.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007681.dll tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007682.dll tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0000585.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0000586.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0000587.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP9\A0000900.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP9\A0000901.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP9\A0000902.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D2C2F50.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D2F594C.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39196576.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BC838F6 infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\73500777.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79A257AD infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DD94D43 infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DDC7740.tmp infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DE0213C infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DE0213C.tmp infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP10\A0000918.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP10\A0000919.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP10\A0000920.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0000949.exe tagged as "not-a-virus:AdWare.Win32.Trymedia.b". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0000950.exe tagged as "not-a-virus:AdWare.Win32.Trymedia.b". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0001081.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0001082.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0001083.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP13\A0001120.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP13\A0001121.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP13\A0001122.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP14\A0001170.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP14\A0001171.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP14\A0001172.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP15\A0001186.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP15\A0001188.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP15\A0001189.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP16\A0001313.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP16\A0001314.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP16\A0001315.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP17\A0001366.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP17\A0001367.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP17\A0001368.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP18\A0001438.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP18\A0001439.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP18\A0001440.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP19\A0001481.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP19\A0001482.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP19\A0001483.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP21\A0001529.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP21\A0001530.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP21\A0001531.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP22\A0001616.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP22\A0001617.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP22\A0001618.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP23\A0001634.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP23\A0001635.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP23\A0001636.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP24\A0001644.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP24\A0001645.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP24\A0001646.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP25\A0001656.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP25\A0001657.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP25\A0001658.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP26\A0001706.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP26\A0001707.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP26\A0001708.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP27\A0001726.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP27\A0001728.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP27\A0001729.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP28\A0001751.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP28\A0001752.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP28\A0001754.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP29\A0001763.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP29\A0001764.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP29\A0001765.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP30\A0001798.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP30\A0001799.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP30\A0001800.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP31\A0001854.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP31\A0001855.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP31\A0001856.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP32\A0002516.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP32\A0002517.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP32\A0002518.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP33\A0002521.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP33\A0002546.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP33\A0002547.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP34\A0002611.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP34\A0002612.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP34\A0002628.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP35\A0002686.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP35\A0002687.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP35\A0002691.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002757.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002762.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002764.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002864.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002865.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP36\A0002866.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002912.exe infected by

[MWybiral]

File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002913.exe infected by "Backdoor.Win32.EggDrop.v" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002914.exe infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002915.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002916.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002917.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002918.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002934.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002935.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP37\A0002936.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP38\A0002983.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP38\A0002984.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP38\A0002985.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP39\A0003019.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP39\A0003029.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP39\A0003030.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000276.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000344.srg tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000351.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000375.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP40\A0003058.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP40\A0003067.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP40\A0003069.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP41\A0003080.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP41\A0003082.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP41\A0003083.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP42\A0003089.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP42\A0003095.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP43\A0003173.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP43\A0003174.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP43\A0003175.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003211.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003212.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003230.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003231.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0003232.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP45\A0003282.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP45\A0003283.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP45\A0003284.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP46\A0003323.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP46\A0003324.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP46\A0003325.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP47\A0003398.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP47\A0003399.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP47\A0003400.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP48\A0003431.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP48\A0003432.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP48\A0003433.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP49\A0003442.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP49\A0003443.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP49\A0003444.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0003449.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0003450.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0003451.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0004380.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0004381.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP50\A0004382.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP51\A0004390.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP51\A0004391.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP51\A0004392.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP52\A0004424.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP52\A0004425.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP52\A0004426.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0004440.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0004441.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0004442.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0004447.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0004448.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0004449.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0004476.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0004477.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0004478.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP56\A0004484.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP56\A0004485.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP56\A0004486.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP57\A0005540.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP57\A0005541.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP57\A0005542.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP58\A0006524.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP58\A0006525.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP58\A0006526.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0006571.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0006572.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0006574.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP60\A0007524.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP60\A0007525.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP60\A0007526.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP61\A0007537.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP61\A0007538.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP61\A0007539.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0007544.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP63\A0007547.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP64\A0007550.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP65\A0007583.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP65\A0007586.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0007594.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP68\A0007627.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP68\A0007628.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007653.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007656.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007657.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007658.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.ae". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007659.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007661.vxd tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007662.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007663.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007664.srg tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007665.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007667.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007681.dll tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP69\A0007682.dll tagged as "not-a-virus:AdWare.Win32.BargainBuddy.n". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0000585.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0000586.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0000587.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP9\A0000900.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP9\A0000901.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken. File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP9\A0000902.exe tagged as "not-a-virus:AdWare.Win32.BargainBuddy.q". Action Taken: No Action Taken.

[Susan528]

Your MWAV scan looked good. You had quarantined files or infected _restore files which we will fix at the end. Don't pay attention to the "file system" messages.


Disable SpySweeper:
You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.

• Open it click >Options over to the left then >program options>Uncheck "load at windows startup"
• Over to the left click "shields" and uncheck all there.
• Uncheck" home page shield".
• Uncheck ''automatically restore default without notification".

After all of the fixes are complete it is very important that you enable SpySweeper again.

Please set your system to show all files; please see here if you're unsure how to do this.

Scan with HijackThis. Place a check against each of the following:
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [msconfiger] msconfiger.exe
O4 - HKLM\..\RunServices: [msconfiger] msconfiger.exe
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them if they exist:
msconfiger.exe<==file (you may need to search to find location)
C:\Program Files\winupdates<==folder
Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we will take another look.
How is your computer running?

[MWybiral]

Logfile of HijackThis v1.99.1
Scan saved at 11:34:43 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Melaney\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D7EBE188-81B2-4511-A030-239FBFD3D7BD} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143872145046
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Component (NVIDIADriverHlp) - Unknown owner - C:\WINDOWS\nvsvc32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe