Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lost Remote Connection


  • Please log in to reply
35 replies to this topic

#1 alverez503

alverez503

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 22 November 2005 - 02:44 AM

I seem to have lost remote connection when using Azureus. I'm behind a wireless card, but the only other times I've lost remote connection it's been reversed by doing a system restore point. This causes me to believe it's the problem is being caused by some sort of malware. When it started happening I did a system restore to the earliest point I had, but it didn't get rid of the problem. Here's a Hijack This log in the hope that it provides a clue as to what could be causing it. Any help is much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:42:35 PM, on 11/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0\bin\javaw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Desktop Folders\Cleaning\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131307395062
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37390.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)

BC AdBot (Login to Remove)

 


m

#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:45 PM

Posted 27 November 2005 - 12:42 PM

Hi alverez503,

If malware is the cause of this problem it is well-hidden as I can see nothing in the HJT log. Since you appear to not run a resident antivirus (AV) or firewall you could well have a trojan that is well stealthed and the only way to be completely sure is to reformat. But let's try a couple of things first.

Download and install the trial version of ewido security suite.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch Ewido by double-clicking the desktop icon.
- You may get a message that the database could not be found. This is normal-- click the OK button.
- The program will now go to the main screen.
- On the left hand side of the main screen click update.
- Click on Start update.
- The update will start and a progress bar will show the updates being installed.

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed close Ewido.

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • If ewido detects an infected file click "Perform action on all infections"
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report.txt file to your desktop.
Now close ewido security suite.

Please post the contents of the report.txt file in your next post.

Run this free online scanner and allow it to fix all it finds:

Panda ActiveScan

Save the log from Panda and post it here in your next reply.

Then run run Kaspersky's onine scanner and post the log from it also. It doesn't clean, but will tell us if there is any detectable malware on your system:

Kaspersky WebScanner

Scan again with HijackThis and post your log from it as well.

I think you may have lucked out and are clean of malware. I suspect PeerGuardian may be the source of your problem, but let's see the scan results first.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#3 alverez503

alverez503
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 28 November 2005 - 12:18 PM

Sorry it took so long to get back with some results but here they are. For two days I was unable to connect to Kaspersky, for some reason that is either on their side or something really malicious on my system is blocking it. So here are the results from Ewido, Panda Activescan, and a HJT log. Thank you so much for any advice.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:37:05 PM, 11/27/2005
+ Report-Checksum: 99A56F21

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-468749764-3387778764-4135288181-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\bb.exe -> Spyware.BargainBuddy.l : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\twaintec.cab/twaintec.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\twaintec.cab/preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\WToolsA.exe -> Spyware.Wintol : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.413:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@ad-logics[2].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\twaintec.cab/twaintec.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\twaintec.cab/preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\WToolsA.exe -> Spyware.Wintol : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.466:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
-> : Error during cleaning
:mozilla.558:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.560:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.690:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.691:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.778:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.779:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Owner\Application Data\Mozilla\

#4 alverez503

alverez503
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 28 November 2005 - 12:22 PM

For some reason it didn't post the entire reply I had entered so here's the rest of the Ewido scan, and everything else, hopefully:

:mozilla.801:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
-> : Error during cleaning
:mozilla.887:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.924:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.925:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.927:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.928:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.935:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.936:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.937:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.938:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.939:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.940:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[4].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad-logics[2].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[3].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@euniverseads[3].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[3].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Common Files\sysdir\HeidiNorthcott_11yf05fg.exe -> TrojanDropper.Small.sc : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\switpb.exe -> Spyware.Atlas : Cleaned with backup
:mozilla.8:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
-> : Error during cleaning
:mozilla.13:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.28:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.40:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.41:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.42:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.43:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.49:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.50:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.55:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.56:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.57:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.59:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.60:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.61:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.64:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.65:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.66:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.69:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.70:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.71:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.72:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.73:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.74:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.75:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.76:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.81:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.82:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.83:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.85:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.86:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.87:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.88:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.89:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.173:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.179:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.185:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.186:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.187:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.188:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.192:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.194:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.195:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.196:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.205:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.206:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.207:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.208:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.209:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.210:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.211:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.216:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.226:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.227:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.228:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.229:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.230:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.231:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.236:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.260:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.284:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.285:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.291:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.298:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.299:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.300:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.301:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\3vj1xcgw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ad-logics[2].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\twaintec.cab/twaintec.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\twaintec.cab/preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\WToolsA.exe -> Spyware.Wintol : Cleaned with backup
C:\WINDOWS\system32\lkcdjwfn.exe -> Not-A-Virus.RiskWare.Downloader.Casino : Cleaned with backup
C:\WINDOWS\system32\spool.exe -> Backdoor.Agobot : Cleaned with backup


::Report End


ACTIVESCAN


Incident Status Location

Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/BlazeFind Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\bar.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\client.cfg
Virus:Trj/Downloader.BZD Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\ICD1.tmp\roing17.INF
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Incredifind.exe
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\THI3667.tmp\twaintec.inf
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\twaintec.inf
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/BlazeFind Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\bar.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\client.cfg
Virus:Trj/Downloader.BZD Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\ICD1.tmp\roing17.INF
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\Incredifind.exe
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\THI3667.tmp\twaintec.inf
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\twaintec.inf
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-697fac7d-41b24ef2.zip[Dummy.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-1b5e1dbc.zip[InstallerApplet.class]
Virus:Trj/Downloader.BZD Not disinfected C:\WINDOWS\Downloaded Program Files\roing17.INF
Adware:adware/ipinsight Not disinfected C:\WINDOWS\farmmext.ini
Adware:adware/atlas Not disinfected C:\WINDOWS\switpc.dat
Adware:Adware/BlazeFind Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bar.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\client.cfg
Virus:Trj/Downloader.BZD Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\ICD1.tmp\roing17.INF
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Incredifind.exe
Adware:Adware/Twain-Tech Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\twaintec.inf
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.20050809-170509.backup
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.20051021-003604.backup
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.20051021-003605.backup
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.20051021-003606.backup
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.20051021-003607.backup
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.20051106-185801.backup
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.20051106-185802.backup
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.20051106-185803.backup
Virus:Trj/Qhost.gen Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.20051115-170807.backup
Adware:Adware/nCase Not disinfected C:\WINDOWS\system32\saie.exe
Adware:adware/sahagent Not disinfected C:\WINDOWS\system32\SHAgentNew.dlltmp


HJT
Logfile of HijackThis v1.99.1
Scan saved at 9:10:46 AM, on 11/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
C:\Program Files\Java\jre1.5.0\bin\javaw.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\Desktop Folders\Cleaning\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131307395062
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37390.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:45 PM

Posted 28 November 2005 - 09:00 PM

Wow. Well, you did have a lot of hidden stuff. Ewido has cleaned a lot of it, but ActiveScan found more that is still there. Do me a favor--for now just run a scan with HijackThis in Safe Mode and post the log. There is something I'm curious about that might help others like yourself, then we'll get started on the cleanup process. :thumbsup:

And don't worry about it taking a while to respond this last time. I'm slow between responses compared to other members of the team. While you wait I strongly suggest that you install a firewall and an antivirus.

Some good free firealls:
Sygate Personal Firewall
Kerio Personal Firewall
ZoneAlarm

I prefer Sygate.

Good free Antivirus:

Antivir
Avast Free
AVG Free
Bitdefender Free

I would suggest AVG for now and you can try the others if you prefer later. Just don't try to run more than one.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#6 alverez503

alverez503
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 30 November 2005 - 05:46 PM

Here's the HJT log from safe mode, I'm going to install AVG and Kerio right now. Might there be any problem from having Spybot, AVG, Kerio, Ewido, and SpywareBlaster on at once? Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:25 PM, on 11/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\Desktop Folders\Cleaning\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131307395062
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37390.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)

#7 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:45 PM

Posted 30 November 2005 - 10:28 PM

Might there be any problem from having Spybot, AVG, Kerio, Ewido, and SpywareBlaster on at once?

No, in general, they do different things. This is a layered approach to security that is always recommended. A firewall and SpywareBlaster don't do scans, the other apps do. Scanners don't conflict with each other unless you run more than one at the same time and that's more of a problem with overloading your CPU. Various protection mechanisms for anitvirus are known to conflict which is why you don't want to have more than one installed at a time. Occasionally, antispyware and anti-trojan "'guards"/real time monitors have been known to clash, but not too often. I still personally will only have one or two such protection mechanisms running and otherwise just use the scanners.

Well, I didn't see what I was hoping for in safe mode, so let's go on and get you cleaned up :thumbsup:

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Reboot your computer into Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode.

Download Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.

If you've already installed AVG, update it.

Now boot back into safe mode and run a ful system scan. Allow AVG to fix all it finds.
------------
This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Now reboot back into normal mode.

Scan your PC with eTrust Antivirus Web Scanner
Copy and paste the results of the scan into your next reply.

Also run Panda ActiveScan again and post that log.

Don't worry about how many posts it will take take, in your next reply please post these logs in order:

1. The log.txt file in the aproposfix folder.
2. What AVG may have fixed.
3. The eTrust log.
4. The Panda log.
5. A fresh HijackThis log run in normal mode.

Note: Your last HJT log indicates you have disabled some startups via MSCONFIG. In order for HijackThis to see what could be bad, I need for you to re-enable those startups temporarily. This way we can fix any malware instead of just leaving it disabled. Please do the following before scanning with HijackThis:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press OK until you are out of the program. Do not reboot. Scan with HijackThis and make the log to post here, then you can re-disable those startups. Please do this proces before posting a HijackThis log.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#8 alverez503

alverez503
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 01 December 2005 - 07:42 PM

I think something might have gone wrong with Kerio cause I can't connect to the internet on my computer anymore. Right now I'm using one of the other ones on my network, but Firefox and IE load, but can't go anywhere. Meanwhile the Linksys interface is showing I have a connection at 12MBps and above. I haven't had too much time to fool around with it and see if I can troubleshoot it myself, but I will tonight when I have more time. Until I can connect, it'll be a long time before I'll be able to follow your recommendations as I'll have to jumpdrive programs, and won't be able to do the two web scanners.

#9 alverez503

alverez503
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 02 December 2005 - 01:42 AM

I have determined that Kerio is stopping my web activity. Obviously I'm not too familiar with firewalls, so I'm wondering if that is how it's suppossed to work. Disabled while surfing, active when I'm not, it doesn't seem like it, as it does allow Azureus to run through JRE while active. I'm going to go ahead with all of your suggestions though it's obviously going to take a while with the web searches taking an hour or so to run. While respond when able to though.

#10 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:45 PM

Posted 02 December 2005 - 09:49 AM

OK. Firewalls can be tricky and a PIA, but they are necessary on today's internet. Plus ewido indicated you had malware on your system that had you connected to a botnet.

Not really sure what is going on on your system. If I read your response right, you are able to surf the internet with Kerio disabled? If that's the case, leave it like that and execute the instructions, especially the AproposFix and we can work out the kinks later. If you like, you can post the log from that tool once it has finished and let me know if there is any improvement with your original problem.

If still having problems with Kerio, go ahead and uninstall it:
http://support.kerio.com/index.php?_a=know...ails&_i=70&nav=

When you get the time, the following tutorial might help with Firewall basics:
Understanding and Using Firewalls

Let me know if you decide to uninstall Kerio. The rootkit on your system can cause connection problems, so I want to see if there is any improvement there and confirm that it's gone before we get back to it.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#11 alverez503

alverez503
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 02 December 2005 - 05:50 PM

Alright, so I've finished all the suggestions you made, and the results will be below.

Apropos:

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Owner\Desktop\Apropos\aproposfix

************

Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!


AVG showed the following viruses which look really suspicious, but didn't give any confirmation that it fixed them:

c:/Documents and Settings/Owner/Application Data/Sun/Java/Deployment/cache/javapi/v.1.0/jar/javainstaller.jar-5aa0b436-1b5e1dbc.zip

and

c:/Documents and Settings/Owner/Application Data/Sun/Java/Deployment/cache/javapi/v.1.0/jar/javainstaller.jar-5aa0b436-1b5e1dbc.zip/javainstaller/installer.applet.class

As well AVG reported a reading error in
partition table [mbr], and
boot sector of disc c:



eTrust Log

archive.jar-697fac7d-41b24ef2.zip>Dummy.class Java.ByteVerify!exploit infected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
hosts.20050809-170509.backup Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\
hosts.20051021-003604.backup Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\
hosts.20051021-003605.backup Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\
hosts.20051021-003606.backup Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\
hosts.20051021-003607.backup Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\
hosts.20051106-185801.backup Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\
hosts.20051106-185802.backup Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\
hosts.20051106-185803.backup Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\
hosts.20051115-170807.backup Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\
hosts.bak Win32.Hostblock infected C:\WINDOWS\system32\drivers\etc\


Panda Log

Incident Status Location

Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM32\saie.exe
Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\SHAgentNew.dlltmp
Adware:adware/ipinsight Not disinfected C:\WINDOWS\INF\farmmext.inf
Adware:adware/atlas Not disinfected C:\WINDOWS\switpc.dat
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/BlazeFind Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\bar.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\client.cfg
Virus:Trj/Downloader.BZD Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\ICD1.tmp\roing17.INF
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Incredifind.exe
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\THI3667.tmp\twaintec.inf
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\twaintec.inf
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/BlazeFind Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\bar.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\client.cfg
Virus:Trj/Downloader.BZD Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\ICD1.tmp\roing17.INF
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\Incredifind.exe
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\THI3667.tmp\twaintec.inf
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\twaintec.inf
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-697fac7d-41b24ef2.zip[Dummy.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-1b5e1dbc.zip[InstallerApplet.class]
Virus:Trj/Downloader.BZD Not disinfected C:\WINDOWS\Downloaded Program Files\roing17.INF
Adware:Adware/BlazeFind Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bar.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\client.cfg
Virus:Trj/Downloader.BZD Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\ICD1.tmp\roing17.INF
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Incredifind.exe
Adware:Adware/Twain-Tech Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\twaintec.inf
Adware:Adware/nCase Not disinfected C:\WINDOWS\system32\saie.exe



Finally, HJT in normal mode:

Logfile of HijackThis v1.99.1
Scan saved at 2:46:13 PM, on 12/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0\bin\javaw.exe
c:\Program Files\Microsoft Works\WksWP.exe
c:\Program Files\Microsoft Works\MSWorks.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Desktop Folders\Cleaning\HijackThis.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131307395062
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37390.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)


You mentioned some startups being blocked but everything is checked in msconfig under the startup button. Hope this gives you a better idea.

#12 alverez503

alverez503
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 02 December 2005 - 07:50 PM

As well, my computer seems to be running really slow right now, might that be because of AVG and the firewall running in the background?

#13 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:45 PM

Posted 05 December 2005 - 01:07 PM

Sorry for the long wait. There are some unusual things about your logs and system that I'm having a hard time figuring out and I'll have someone else who is more knowledgable have a look at it.

The root kit I expected to find wasn't there but you may have another one. Not sure why you are experiencing slowness, but the mbr error lkely has something to do with it. AVG has a small footprint compared to most other AV's, but it and a firewall will slow down your system some.

Let's clean up what we know is still there and see if we can find what else is causing problems.

Download CleanUp 4.0. Review the installation instructions on that stevengould.org page and install it.

Then configure and run the program acording to the intructions in BC's tutorial How to use CleanUp! to protect your privacy. You want to make sure that Cleanup! All Users is checked.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Now delete the following files--note any that could not be found or deleted. If you can't delete them in normal mode, try again in safe mode:

C:\WINDOWS\SYSTEM32\saie.exe
C:\WINDOWS\SYSTEM32\SHAgentNew.dlltmp
C:\WINDOWS\INF\farmmext.inf
C:\WINDOWS\switpc.dat
C:\WINDOWS\Downloaded Program Files\roing17.INF
<--right click and choose Remove to delete this file.

You should be able to remove the Java files that AVG couldn't clean by clearing your Java cache. Follow the intructions on this page.

Please download RootKitRevealer from here:
http://www.sysinternals.com/files/rootkitrevealer.zip
Unzip it to the desktop, run it, and click Scan. Please don't use your PC for any other purpose while the scan runs to reduce legit items from showing in the log. This will generate a log file; please post the entire contents of the log file here for me to see.

Then run Panda ActiveScan again and post that log.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#14 alverez503

alverez503
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 08 December 2005 - 06:31 PM

Ran CleanUp!, which cleared 944MB.



Deleted the files you told me to, except:
C:\WINDOWS\Downloaded Program Files\roing17.INF
which I couldn't find with hidden folders/files shown and in safe mode.



Ran Rootrevealer twice and all it showed in it's log was:

D: 0 bytes Error mounting volume

D: is a recovery partition, so it probably blocked attempts to scan.



Panda Scan

Incident Status Location

Adware:adware/ipinsight Not disinfected C:\WINDOWS\farmmext.ini
Adware:adware/atlas Not disinfected C:\WINDOWS\switps.dat
Adware:adware/sahagent Not disinfected C:\WINDOWS\unstall.exe
Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM32\FLEOK
Adware:Adware/nCase Not disinfected C:\RECYCLER\S-1-5-21-468749764-3387778764-4135288181-1003\Dc1.exe
Virus:Trj/Downloader.BZD Not disinfected C:\WINDOWS\Downloaded Program Files\roing17.INF
Adware:Adware/BlazeFind Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bar.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\client.cfg
Virus:Trj/Downloader.BZD Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\ICD1.tmp\roing17.INF
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Incredifind.exe
Adware:Adware/Twain-Tech Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\twaintec.inf

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:45 PM

Posted 08 December 2005 - 07:25 PM

Hi...i was asked to take a look at this for PK. Can you do me a favor and do the following:

Download http://www.bleepingcomputer.com/files/winpfind.php

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to scart scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users