Spy Sheriff, Reboot Loop, Please Help


16 replies to this topic

#1 juche


  • Members
  • 11 posts

Posted 06 August 2006 - 05:07 PM

Hi, so this is what happened:

--Yesterday (Saturday, Aug. 5), found that I was infected with some sort of spyware. As far as I could tell, it was Spy Sheriff, possibly others.

--Since I had been infected with a spyware virus a month before (Trojan, I believe), I tried the same program to get rid of the previous virus--SmitFraudFix, which I still had on my desktop, and which I downloaded from this site.

--However, when I went through the process, instead of reaching the red screen automatically rebooting me, nothing happened, except for a pop up menu asking me if I wanted to do a system restore or continue working in Safe Mode (I clicked the latter), and then nothing. So I hit "Q" to quit SmitFraudFix.

--Now I can't remember the exact order, but I'm pretty sure I tried going back to normal mode, but instead of booting up normally, after the initial Windows XP screen, it went black, almost as if it turned off, then a blue screen flashed, so quickly that I couldn't see what was written except for the word "Error" which obviously jumped out at me, then rebooted. It continued like this in a continual loop.

--So I hit F8 to go back to Safe Mode with Networking. I downloaded SmitRem, went through the process, and again, I didn't reach the red automatic reboot screen. However, all signs of Spy Sheriff seem to be gone--none of its files in the Task Manager/Performance, I even did a search for "spy sheriff.exe" and didn't find it, it's not in my "Add/Remove Programs." Internet connection is fine.

--I tried doing a System Restore, both to the point where I received the Spy Sheriff, and to an even earlier date of about 2 weeks ago, but once it would reboot, I would hit the loop again. Then I would go into Safe Mode with Networking and a menu would appear saying "System Restore didn't work."

--So I can't get back to normal Windows XP! Every time I shut down or restart the computer, it goes into that loop--Windows XP screen, black, flashing of blue screen with some sort of Error message, then back again. Thankfully, I can bypass the loop by hitting F8 and going into Safe Mode or Safe Mode with Networking.

--I have a Compaq Presario X1010, purchased fall of 2003. It's been pretty reliable. I have Spybot and an expired Norton--oh yeah, and I used Spybot when I was in Normal mode and got rid of some spyware, but of course it didn't get rid of Spy Sheriff.

--The only new thing I've installed is Party Poker.net a couple days ago, but I don't think that was the cause. I've searched the forums on here but nothing seems to match my problem. Please help! 99 bucks for a 1 year extended warranty with Compaq is too much, and I don't have the money. Thanks!



#2 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 51,137 posts

Posted 07 August 2006 - 07:32 AM

Hello juche

"Every time I shut down or restart the computer, it goes into that loop--Windows XP screen, black, flashing of blue screen with some sort of Error message,"

What does the error message say?

What OS (Win XP/2000, etc) are you using? Have you performed any anti-spyware scans in "SAFE MODE"?

Let's do the following:

Since your Norton is expired it may be best to remove it and replace with AVG or Avast.
Since Norton products can be difficult to remove, read the discussion topic "How To Remove Your Norton Products".

Install only one of the above, update its definitions and do your scan in safe mode.

Then download and scan with Ad-Aware SE Personal 1.06 in safe mode. Setup & Configure as shown here.

Download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Next, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".
Print out the Ewido Install and Scan Instructions.

I'd ask you to post a HijackThis log but it's better if we can get a log in normal mode. If this does not help, then we may have to run HijackThis in safe mode and post a log, but let's see how this goes.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 juche


Posted 07 August 2006 - 12:39 PM

Thanks so much for your response!

--RE: Error message, as I said, because it flashes for not even half a second, it doesn't give me enough time to see what's written--all I can tell is that it's blue, and there's the word "Error", but that's it.

--I'm using Windows XP

--I used SmitFix in Safe Mode, but it didn't disrupt the loop and return me to Normal mode.

--Question: So will your instructions not only get rid of the spyware but disrupt the reboot loop and get me back to Normal mode?

Thanks again!

#4 quietman7


Posted 07 August 2006 - 12:55 PM

If the problem is malware related we may or may not be able to stop the reboot loop. But it's worth a try to scan for and eliminate as much malware as we can.

Plus your Norton AV is not doing much good if it's expired and you can no longer obtain definition updates.

#5 juche


Posted 07 August 2006 - 01:45 PM

I tried downloading the Norton Removal tool but it said I couldn't do it in Safe Mode, but only in Normal mode, probably since it says I have to restart after downloading some of the files...

#6 juche


Posted 07 August 2006 - 03:39 PM

I just tried to download and install AVG, and it also said I cannot install in Safe Mode. Help please?

#7 quietman7


Posted 07 August 2006 - 09:16 PM

Ok hold off on removing Norton and installing AVG for now. Do the Ewido and Ad-aware scans if you can.

Also download and scan with Sysclean Package.
1. Create a new folder on drive "C:\" ("C:\New Folder") and rename it Sysclean.
2. Place the sysclean.com inside that folder.
3. Then download the latest Virus Pattern Files (lptXXX.zip).
4. Extract the lptXXX.zip pattern file into the same folder you created for sysclean.com.
5. Close all open applications and DISABLE your current anti-virus software. Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them first.
6. While in Safe Mode open the Sysclean folder and double-click on sysclean.com to run.
7. It will take some time to complete. Be patient and let it clean whatever it finds.

Since you can access the Internet, you can also try doing some online scans.
Trend Micro Housecall Scan
Panda ActiveScan [ActiveScan Panda does not remove adware/spyware but will autoclean for viruses & worms.]
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]

#8 juche


Posted 08 August 2006 - 03:35 AM

Hi, thanks for the reply...

--I installed Ad-aware but when I tried to run it, it crashed the computer right when it started scanning, making it reboot the computer, which of course took me back to the reboot loop.

--I successfully installed and ran Ewido. Here's the report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:48:05 PM 8/7/2006

+ Scan result:



C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\Cache -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\Cache\ErrorLog.txt -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\Cache\NewCfg -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\Cache\instafinktb0302.cfg -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\Uninstall.exe -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\Download Manager -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\Download Manager\asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\100.bin -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\but.bin -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\creditcard.bmp -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\disk 1.bmp -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\mail unreaded.bmp -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\msg.bin -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\peoples 1.bmp -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\poker.bmp -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\search find 2.bmp -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\web.bmp -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b2s_cache\yellow folder closed.bmp -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\WINDOWS\system32\win32hp.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32 -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ADBN3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ADTMI1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ADVC5.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ADVCTX2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIB9894.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIC29667.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASID12180.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIE17070.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIF29819.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIF4502.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIFA15376.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIFWH29233.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIG21943.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIGT10102.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIH21180.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIH7853.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASII21469.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIL18549.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASILS29399.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIM4381.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIM9740.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIOG19375.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIOT25456.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIPF1965.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIR21184.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIRE20082.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIS24110.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIS31590.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIT17011.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIT26116.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIW11211.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIWS3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\AUTOS2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\BID1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\CARD2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\CARS3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\CASH2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\DATE4.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\EECH1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\EML1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FAST1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FINC3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FINC5.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FLWR1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FMND1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\HEBE3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\HERBS1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\HOGAR3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\INK1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\JOBS4.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\MORT4.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\MOVS2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\NEWS2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\OPPR3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\SHOP2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\SPZ3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TECH2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMP3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TRVL6.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\UTONE2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\VENUE1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\WWW3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\XTFL2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\Program Files\Web Offer -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\INSTALL.LOG -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\basisp.dst -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\basisp.kwd -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\basisp.pu -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\basisp.rst -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\gendis.ez -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\paramp.ez -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\rwdsp.rst -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\upgradep.vrn -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\versionp.vrn -> Adware.eZula : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{900FBC20-6AEE-4E05-ABA9-AC46E309C029} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{8B076501-1D1B-4B26-9492-FDB8EEE00D7F} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\instafink.INSTAFINK -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\instafink.INSTAFINK\Clsid -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\INSTAFINK -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\INSTAFINK -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\INSTAFINK\Reports -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\INSTAFINK\Reports\38693 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\INSTAFINK\Stat -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\INSTAFINK -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\INSTAFINK\Reports -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\INSTAFINK\Reports\38693 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\INSTAFINK\Stat -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38897 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38898 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38899 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38900 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38900\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38900\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38901 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38901\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38901\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38902 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38903 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38903\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38903\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38904 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38904\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38904\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38905 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38905\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38905\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38915 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38915\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38915\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38921 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38922 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38922\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38922\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38923 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38923\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38923\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38928 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38930 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38930\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38930\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38931 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38932 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38932\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38932\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38933 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38933\Objects -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38933\Objects\5 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Reports\38934 -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\INSTAFINK\Stat -> Adware.InstaFinder : Cleaned with backup (quarantined).
C:\Program Files\Cowabanga\Cowabanga.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
C:\Documents and Settings\1\Application Data\ѕymbols\сhkdsk.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
[208] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[256] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[268] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[424] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[492] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[556] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
C:\WINDOWS\system32\WrapperOuter_exe -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Program Files\se -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
C:\Program Files\se\Data -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
C:\Program Files\se\Data\app.dat -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
C:\Program Files\se\Data\bm.dat -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\lock.exe -> Downloader.Delf.ang : Cleaned with backup (quarantined).
C:\WINDOWS\system32\win32hlp.exe -> Downloader.Delf.ang : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Аdobe\javaw.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\wjrvq.exe -> Downloader.Small.ctf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ekxchgkz.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\touuewov.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vkkuzvyr.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kgoupppx.exe -> Downloader.Small.dji : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bonpncok.exe -> Downloader.VB.aan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hffdftiy.exe -> Downloader.VB.afr : Cleaned with backup (quarantined).
C:\WINDOWS\system32:lzx32.sys -> Hijacker.Costrat.g : Cleaned with backup (quarantined).
C:\gwvoe.exe -> Hijacker.Costrat.g : Cleaned with backup (quarantined).
HKU\S-1-5-21-1726279461-841502021-4267227244-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ttetkqzn.nfq -> Hijacker.Small.js : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup (quarantined).
C:\yrroeef.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup (quarantined).
C:\Program Files\ktkphal.exe -> Not-A-Virus.Hoax.Win32.Renos.dc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\office_pnl.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\updwebmin.exe -> Proxy.Agent.km : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.183:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\8loy10tz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-933b39a-214922b0.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).
C:\joqmsxmo.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\osocnptf.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\rxxlurmb.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\wbop.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1310.exe -> Trojan.Regger.s : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\_ibm00003.exe -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\irckuw.exe -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
[796] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll -> Trojan.Sinowal.ae : Error during cleaning.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Sinowal.ai : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe -> Trojan.Sinowal.ai : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dgmdjxea.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mlqucstk.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mrhikmgp.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mzeenkhi.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxzghvqm.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

--After quarantining everything, I tried rebooting my computer, but the loop was still there. I went back into Safe Mode.

--I successfully installed and ran Sysclean, but 0 viruses were found, though in the report (which I can't copy/paste for some reason), there were a lot of "error occurred while scanning file ..... access denied" and "could not set file for reading on..."

--I successfully installed and ran Panda ActiveScan, and it found 9 Viruses, 24 Spyware, and 10 Hacking Tools, but it won't let me delete them.

So, what's the next step? Am I better off just taking my computer to a service center?

BTW, thanks so much for your help, I can't believe you just volunteer your time for these problems.

#9 quietman7

Posted 08 August 2006 - 06:57 AM

ActiveScan does not remove adware/spyware but will autoclean for viruses & worms. It's possible some of the viruses it found were in quarantined areas. Not knowing the exact order of how you performed the scans, Ewido may have removed what ActiveScan did not if you performed that scan afterwards.

Anyway Ewido found and cleaned a lot of malware but had a problem with Adware.PurityScan.

Go to Start > Control Panels > Add/Remove Programs and uninstall the following programs if listed:
PuritySCAN By OIN
OIN
MediaTickets by OIN
Yazzle by OIN
Yazzle Cowabanga by OIN
Yazzle ActiveX By OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Yazzle Snowballwars by OIN
Yazzle Kobe Balls! by OIN
Zolero Translator
TizzleTalk by OIN
or anything similar with OIN or Outerinfo in it

Reboot and delete this folder if found:
C:\Program Files\PurityScan\

If you do not see any icon for "OIN" or "(program) by OIN" in Add/Remove Programs, please download and run the Purity Scan uninstaller.
Alternate link for download
Graphic instructions if needed.
1. Save the Uninstaller to your desktop.
2. Double click on the OiUninstaller.exe icon on your desktop.
3. Click on "Run".
4. Enter the four digit code that is displayed and click on "Uninstall".
5. Click on "Ok" and reboot your computer.
6. Then delete this folder if found:
C:\Program Files\PurityScan\

Keep in mind the reboot problem may not be related to malware. It is possible you have a corrupt registry, corrupt boot.ini or missing/corrupt HAL.DLL problem.

I know you could not read the error message but a common one is: "Cannot Find \Windows\System32\hal.dll".
See these links for more info.
http://www.kellys-korner-xp.com/xp_haldll_missing.htm
http://www.computerhope.com/issues/ch000490.htm

If that is the case then see "Langa Letter: XP's Little-Known 'Rebuild' Command" - easy fix for "Missing HAL.DLL," "Invalid Boot.Ini," and several other fatal startup errors.

You also might want to try some of the suggestions listed in "What to Do When XP or 2000 Won't Boot". You probably tried a couple of them already but there are more listed.

Another option is to do a "Repair Install".
"Repair Install" by Microsoft.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
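An added example, not part of the original thread and not code from any scanner vendor: a small triage script for a report in the `object -> detection : status` shape posted above. It pulls out the entries a helper reads first: failed cleanings, NTFS alternate data streams, and paths containing non-ASCII look-alike characters. The sample lines are constructed, and treating the bracketed number as a process ID is an assumption about the report format.

```python
import re
from collections import Counter

# Constructed sample in the report's line format (names are illustrative).
SAMPLE_REPORT = """\
[492] C:\\WINDOWS\\system32\\example.dll -> Adware.Example : Error during cleaning.
C:\\WINDOWS\\system32\\example.dll -> Adware.Example : Cleaned with backup (quarantined).
C:\\WINDOWS\\system32:hidden.sys -> Hijacker.Example.a : Cleaned with backup (quarantined).
C:\\WINDOWS\\system32\\\u0410dobe\\javaw.exe -> Downloader.Example.b : Cleaned with backup (quarantined).
:mozilla.38:C:\\Documents and Settings\\1\\cookies.txt -> TrackingCookie.Example : Cleaned with backup (quarantined).
HKU\\S-1-5-21-0-0-0-1006\\Software\\Example -> Hijacker.Generic : Cleaned with backup (quarantined).

::Report end
"""

# Optional "[n]" prefix (assumed to be a process ID), then object, detection, status.
LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?(?P<obj>.+?)\s+->\s+(?P<det>\S+)\s+:\s+(?P<status>.+?)\s*$"
)


def kind_of(obj):
    """Classify the scanned object as a browser cookie, registry key or file."""
    if obj.startswith(":mozilla."):
        return "cookie"
    if re.match(r"^HK(?:LM|CU|CR|U)\\", obj):
        return "registry"
    return "file"


def triage(report):
    """Return the entries that need manual follow-up, plus summary counts."""
    result = {
        "failed": [],      # (pid, object, detection) where cleaning did not succeed
        "ads": [],         # file paths that name an NTFS alternate data stream
        "non_ascii": [],   # file paths with non-ASCII characters (possible homoglyphs)
        "by_family": Counter(),
        "by_kind": Counter(),
    }
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and markers such as "::Report end"
        obj, det, status = m["obj"], m["det"], m["status"]
        pid = int(m["pid"]) if m["pid"] else None
        kind = kind_of(obj)
        result["by_kind"][kind] += 1
        result["by_family"][det.split(".", 1)[0]] += 1
        if "error" in status.lower():
            result["failed"].append((pid, obj, det))
        if kind == "file":
            # A colon after the drive letter means "file:stream", i.e. an ADS.
            if ":" in re.sub(r"^[A-Za-z]:", "", obj):
                result["ads"].append(obj)
            if any(ord(ch) > 127 for ch in obj):
                result["non_ascii"].append(obj)
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    for pid, obj, det in r["failed"]:
        where = f"loaded in PID {pid}" if pid is not None else "on disk"
        print(f"NOT CLEANED ({where}): {obj} [{det}]")
    for path in r["ads"]:
        print(f"ALTERNATE DATA STREAM: {path}")
    for path in r["non_ascii"]:
        print(f"NON-ASCII PATH: {path!a}")
    print(dict(r["by_family"]))
```

A failed entry that carries a process ID is the one to chase: the object was in use by a running process, so a scan from Safe Mode or a removal tool that acts at reboot is the usual follow-up.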

#10 juche

Posted 08 August 2006 - 06:03 PM

Hi,

--I found and uninstalled "Cowabunga by OIN", and couldn't find any folder in Program Files called "Purity Scan", did a search for it too.

--I managed to capture the error screen with my digital camera, here's what it says:

STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of
0xc0000142 (0x00000000 0x00000000).
The system has been shut down.

--Does that help? What does it mean? Should I still try the Rebuild Command?

Thanks!

#11 juche

Posted 08 August 2006 - 07:08 PM

Also, I don't have the XP Setup CD with me, so I don't think I can do the Rebuild Command.

#12 juche

Posted 09 August 2006 - 02:34 AM

Great news! I tried "Try Last Good Configuration" and I bypassed the reboot loop and went into Normal mode! Of course I feel like an idiot for not trying this earlier. Everything looks OK, though my screen resolution seems a bit off, and no sign of Spy Sheriff or any other spyware, but to be on the safe side I'm going to install and run all those other programs that I couldn't use before in Safe Mode.

Should I do or be concerned about anything else?

Thanks for all your help by the way! :thumbsup:

#13 quietman7

Posted 09 August 2006 - 04:35 AM

Last Known Good Configuration was the first suggested step to try in What to Do When XP or 2000 Won't Boot. :thumbsup:

Yes, now update your anti-virus and anti-spyware, then do the scans and let me know the results.

#14 juche

Posted 09 August 2006 - 04:43 AM

I installed and ran AVG and found 3 Trojan Horses, which I healed (by the way, is it better to heal or move an infected file to the Virus Vault?)

I used Ad-Aware and found and quarantined 48 objects...then AVG would pop up continuously and ask if I wanted to heal or send to the Virus Vault a bunch of Trojans and other malware. At first I would click "heal" but they seemed to repeat, so after a while I clicked "Virus Vault". Does it matter?

I haven't used ATF Cleaner, will do so tomorrow, I'm tired.

#15 quietman7

Posted 09 August 2006 - 06:09 AM

I usually move everything into quarantine so I can review and then delete them later. Don't forget the scans with Ewido and Ad-aware. ATF cleaner primarily removes all the temp and junk files. You can skip SysClean and use one of the online scanners like Trend Micro Housecall Scan.