Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help with virus and spyware


  • This topic is locked This topic is locked
7 replies to this topic

#1 Pjimmey

Pjimmey

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 26 September 2005 - 02:00 PM

Hey guys,

my computer is all screwed up. My internet explorer is really hurting but I think i might have some other viruses.

Logfile of HijackThis v1.99.1
Scan saved at 11:57:20 AM, on 9/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\alg.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Windows\system32\drivers\dcfssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Windows\System32\msole32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\ltmsg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Windows\System32\intmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svcnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\wdfmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Windows\wanmpsvc.exe
C:\Windows\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wuauclt.exe
C:\Windows\System32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul James\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocsv.dll/asst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul James\Application Data\Mozilla\Profiles\default\0sbc6lm4.slt\prefs.js)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\Windows\System32\hpCFB.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Fast Start] C:\Windows\system32\svcnt.exe home
O4 - HKLM\..\Run: [hclean32.exe] C:\Windows\System32\hclean32.exe
O4 - HKLM\..\Run: [RegSvr32] C:\Windows\System32\msmsgs.exe
O4 - HKLM\..\Run: [dmrdg.exe] C:\Windows\System32\dmrdg.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: Advisor - {6A236999-ECF9-4F8D-8010-CB2A5CA11E2E} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCB92098-09BF-4ED5-AD4C-FC698D4D5A33}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6B9C101-AB8D-4118-A0B1-AD5A4E65F4B3}: NameServer = 69.50.188.180,85.255.112.5
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\Windows\system32\drivers\dcfssvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe

BC AdBot (Login to Remove)

 


#2 Pjimmey

Pjimmey
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 28 September 2005 - 10:07 PM

Please if there is someone that can help me I'd appreciate it

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:29 AM

Posted 29 September 2005 - 07:29 AM

Hello,
I have helped you before, but you didn't give any feedback anymore afterwards. So I hope you will this time so we can solve this.

Any reason why your windows isn't up to date? You don't have even ServicePack1 installed! Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Please visit http://windowsupdate.microsoft.com and update to Service Pack 1. When your system is clean afterwards, then update to SP2, because updating to SP2 CAN cause problems as long as you are infected.

You're dealing with some nasty infections that needs a special treatment.
So we can't solve this in once. But let's deal with most now.

Hijackthis is still in your temp-folder, so I strongly advise to create a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.
How do you make a permanent folder:

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

Download smitRem and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

* Reboot into Safe Mode`: ( without networking support !)
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocsv.dll/asst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\Windows\System32\hpCFB.tmp
O4 - HKLM\..\Run: [Fast Start] C:\Windows\system32\svcnt.exe home
O4 - HKLM\..\Run: [hclean32.exe] C:\Windows\System32\hclean32.exe
O4 - HKLM\..\Run: [dmrdg.exe] C:\Windows\System32\dmrdg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCB92098-09BF-4ED5-AD4C-FC698D4D5A33}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6B9C101-AB8D-4118-A0B1-AD5A4E65F4B3}: NameServer = 69.50.188.180,85.255.112.5


* Click on Fix Checked when finished and exit HijackThis.

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

* Open Ad-aware and do a full scan. Remove all it finds.

* Now open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

* Close Ewido

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck and delete everything you find in there. (except for "My current home page")

* Reboot back into Windows.

* Post a new HijackThis Log, the log smitfiles.txt (which you will find on your C:\) and the Ewido Log by using Add Reply.

It could be possible, after reboot that your system is using the windows classic theme again.
To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 Pjimmey

Pjimmey
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 07 October 2005 - 05:00 PM

ok I just wanted to let you know that I am working on what you said. I'll post the logswhen I am done. Thanks a lot

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:29 AM

Posted 07 October 2005 - 05:03 PM

Ok.. Just to remind you... Please make sure you don't miss a step and perform everything in the right order, because this is with a reason. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 Pjimmey

Pjimmey
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 12 October 2005 - 02:56 AM

ok I hope this isn't a problem but after i did the runthisbat program the disc clean up thing didn't finish. I left it on overnight and it never finished. I closed it and started runthis bat again but after it finished the disccleanup thing didn't come on. So here are my logs.

Logfile of HijackThis v1.99.1
Scan saved at 12:50:51 AM, on 10/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\ltmsg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Windows\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Windows\wanmpsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\wuauclt.exe
C:\Program Files\hijkthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul James\Application Data\Mozilla\Profiles\default\0sbc6lm4.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: Advisor - {6A236999-ECF9-4F8D-8010-CB2A5CA11E2E} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\Windows\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe



smitRem log file
version 2.6

by noahdfear

The current date is: Sat 10/08/2005
The current time is: 15:12:06.49

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :thumbsup:




---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:11:59 PM, 10/9/2005
+ Report-Checksum: A28A43CE

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1018.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1018.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PSGuard -> Spyware.PSGuard : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKLM\SOFTWARE\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-689911805-2935130677-2106517767-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{BF69DF00-2734-477F-8257-27CD04F88779} -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-689911805-2935130677-2106517767-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-21-689911805-2935130677-2106517767-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-21-689911805-2935130677-2106517767-1005\Software\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-689911805-2935130677-2106517767-1005\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-689911805-2935130677-2106517767-1005\Software\WareOut\Options -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-689911805-2935130677-2106517767-1005\Software\WareOut\Registration -> TrojanDownloader.Wareout : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\PSGuard.lnk -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\Register.lnk -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\Uninstall.lnk -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKCU -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKCU\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKLM -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKLM\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine\BrowserObjects -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\PSGuard.com\PSGuard\Quarantine\Packages -> Spyware.PSGuard : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.502:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.640:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.651:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.652:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.653:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.655:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.725:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.727:C:\Documents and Settings\Paul James\Application Data\Mozilla\Firefox\Profiles\27a4pdva.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Paul James\Application Data\Thunderbird\Profiles\g4lvfqe4.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Paul James\Application Data\Thunderbird\Profiles\g4lvfqe4.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\hijkthis\backups\backup-20051007-153107-540.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP226\A0046909.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP226\A0046933.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP226\A0046959.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP226\A0047959.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP227\A0047991.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP228\A0048018.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP229\A0048044.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP231\A0048077.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP232\A0048118.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP232\A0048140.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP233\A0048181.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP233\A0048207.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP233\A0048226.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP233\A0049226.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP233\A0049245.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP234\A0049267.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP234\A0050267.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP236\A0050304.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP238\A0050334.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP238\A0050359.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP239\A0050395.exe -> Trojan.Small.fb : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP239\A0050414.exe -> Trojan.Agent.eo : Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP239\A0050419.exe -> Trojan.Favadd.ab : Cleaned with backup
C:\Syst

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:29 AM

Posted 12 October 2005 - 03:11 AM

Hi,

Your log looks clean, but we are not finished yet.
You were also dealing with another nasty infection and I want to be sure that everything is gone...So we have to use another fix to get rid of the leftovers.

First of all, look if next folder is present and delete it:

C:\Program Files\WareOut

Then....

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Choose to save the log.

Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with the new HijackThis log you made during this fix.

Edited by miekiemoes, 12 October 2005 - 03:12 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:29 AM

Posted 24 October 2005 - 12:42 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users