First Cowabunga, Now God-only-knows What Malware


13 replies to this topic

#1 Cerena

Posted 10 August 2006 - 07:23 PM

I somehow got a bad file through an attachment, and cowabunga (yazzle?) was installed on my computer. I tried to remove it myself, but haven't been able to, mainly because somehow my internet connection keeps dying in the middle of every time I try to scan my computer using only scanners (housecall, etc). I've used Stinger, though, and I'm not sure exactly what it did or didn't do. If someone could help me fix this problem before I have to reformat, I'd be ridiculously grateful, since I'm an artist and most of my work is digital. I bought an external hard drive in case worse comes to worse, but I have a couple programs I can't reinstall, so I'd like that to be my last option. I do back up my work, but none of my recent stuff has been backed up (because I didn't have a big enough hard drive).

I left my computer alone for a few days after the initial infection (a command prompt was generated and vanished) and removal attempts (some of the time the internet was on, but I tried to disable it later), and now it is hideously infected, from what I can see. Everything is horrendously slow, and search pages steal all my Firefox browsers at one point or another. If there's anything beyond posting this log and following the directions (i.e. more investigation into what the exact problem is), please let me know? I know I definitely have these programs in my add/remove list that don't belong:

- Command
- Display Utility?
- IE Help (Internet Explorer? Didn't see this before)
- IEC system
- IPwins
- Network Monitor
- Targetsaver
- Yazzle ActiveX by OIN

I've run (several times) AdAware, Spybot S&D, Stinger, and Symantec Anti-Virus.

---------
My log:
---------

Logfile of HijackThis v1.99.1
Scan saved at 7:14:42 PM, on 08/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\S2VuemllIEFsbGVu\command.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Common Files\{BCBFC1DD-0726-1033-0804-040731200001}\Update.exe
C:\DOCUME~1\Kenzie\MYDOCU~1\ECURIT~1\explorer.exe
C:\Program Files\Common Files\?icrosoft.NET\ping.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ouwo\ouwom.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\ouwo\ouwoa.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - Default URLSearchHook is missing
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Search - {D8A0525E-68B4-8D8C-8F4F-0FB53DA95673} - C:\WINDOWS\ejxbbmnh.dll
O4 - HKLM\..\Run: [UpdService] C:\Program Files\Common Files\Microsoft Shared\MSWNInfo\UpdService.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [Microsoft System DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Anup] "C:\DOCUME~1\Kenzie\MYDOCU~1\ECURIT~1\explorer.exe" -vt yazr
O4 - HKCU\..\Run: [Qbpvlv] C:\Program Files\Common Files\?icrosoft.NET\ping.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ouwo] C:\PROGRA~1\COMMON~1\ouwo\ouwom.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2VuemllIEFsbGVu\command.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sifi81ve - Silicon Image, Inc - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe




Thanks for any help y'all can give me!

Edited by Cerena, 10 August 2006 - 07:41 PM.



#2 Buckeye_Sam

Malware Expert

Posted 12 August 2006 - 07:33 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
Don't worry about formatting. We'll get you fixed up without having to resort to any extreme measures.


Uninstall these programs:

IPwins
Network Monitor
Targetsaver
Yazzle ActiveX by OIN



Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Reboot when it finishes.


=============




Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Cerena

Posted 12 August 2006 - 03:14 PM

Okay, I uninstalled those programs, and just followed the prompts that some of the uninstalls gave me. There are still some dodgy looking programs on my add-remove list, and I went ahead and uninstalled "Command" too, which ended up being an ad-support software that needed me to download and run an installer. Here are the results of my scan:

Start Time= 08/12/2006 15:10:01.78
Running from: C:\Documents and Settings\Kenzie\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-12 15:03:16 0 ( A.... ) "C:\Documents and Settings\Kenzie\Application Data\.googlewebacchosts"
2006-08-10 20:01:04 339968 ( A.... ) "C:\WINDOWS\system32\WDBtnMgr.exe"
2006-08-10 20:01:02 ( .D... ) "C:\Program Files\Western Digital Technologies"
2006-08-05 13:10:38 ( .D... ) "C:\Program Files\Common Files\ouwo"
2006-08-05 13:02:14 ( .D... ) "C:\Program Files\Network Monitor"
2006-08-03 11:47:54 ( .D... ) "C:\Program Files\InetGet2"
2006-08-02 22:57:44 ( .D... ) "C:\Program Files\Hijackthis"
2006-08-02 22:50:06 ( .D... ) "C:\Documents and Settings\Kenzie\Application Data\?racle"
2006-08-02 21:20:02 176128 ( A.... ) "C:\WINDOWS\system32\urroxtl.dll"
2006-08-02 21:20:02 8772 ( A.... ) "C:\WINDOWS\system32\isnotify.exe"
2006-08-02 21:19:38 155136 ( A.... ) "C:\WINDOWS\system32\oins.exe"
2006-07-27 08:24:46 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll"
2006-07-21 16:00:18 573492 ( ..... ) "C:\WINDOWS\system32\sstqq.dll"
2006-07-21 15:47:36 ( .D... ) "C:\Program Files\Common Files\?icrosoft.NET"
2006-07-21 15:47:18 485589 ( A.... ) "C:\WINDOWS\ejxbbmnh.dll"
2006-07-21 15:47:18 ( .D... ) "C:\Program Files\Common Files\{BCBFC1DD-0726-1033-0804-040731200001}"
2006-07-21 15:42:12 524269 ( A.... ) "C:\WINDOWS\poyjoypb.dll"
2006-07-21 15:39:54 ( .D... ) "C:\Program Files\Common Files\AVSMedia"
2006-07-21 15:39:52 ( .D... ) "C:\Program Files\AVSMedia"
2006-07-21 15:24:18 ( .D... ) "C:\Program Files\QuickTime"
2006-07-21 03:24:44 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-14 10:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-13 08:33:28 8453632 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-06 21:08:46 ( .D... ) "C:\Program Files\SkillJam Technologies"
2006-07-05 05:55:02 984064 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-06-26 12:37:10 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-26 12:37:10 8192 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2005-04-01 07:28:56 975872 ( A.... ) "C:\Program Files\opencanvas.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-10 19:59 339,968 C:\WINDOWS\system32\WDBtnMgr.exe
2006-08-05 13:02 1,989 C:\WINDOWS\uninstall_nmon.vbs
2006-08-02 21:20 8,772 C:\WINDOWS\system32\isnotify.exe
2006-08-02 21:20 176,128 C:\WINDOWS\system32\urroxtl.dll
2006-08-02 21:19 155,136 C:\WINDOWS\system32\oins.exe
2006-07-21 16:00 573,492 C:\WINDOWS\system32\sstqq.dll
2006-07-21 15:47 485,589 C:\WINDOWS\ejxbbmnh.dll
2006-07-21 15:42 524,269 C:\WINDOWS\poyjoypb.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft System DLL Services Configuration"="windir32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{BCBFC1DD-0726-1033-0804-040731200001}"="\"C:\\Program Files\\Common Files\\{BCBFC1DD-0726-1033-0804-040731200001}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"Mfcd media time eggs"="C:\\Documents and Settings\\All Users\\Application Data\\SpamBikeMfcdMedia\\poke size.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ANIWZCSService"="C:\\Program Files\\Alpha Networks\\ANIWZCS Service\\WZCSLDR.exe"




Contents of the 'Scheduled Tasks' folder

Completion time: 08/12/2006 15:12:11.12
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt


------------

Also, when I was trying to copy some files to an external hard drive, I think some spyware tried to copy itself into the drive. I looked for it with Killbox, etc, but the file vanished. I couldn't delete it normally because it was "in use or disk is full", but it looks gone, but is there anything I should do before transferring my files to a different computer?

In addition, are my passwords (that I use on the computer and on various e-mail sites) still safe???

Edited by Cerena, 12 August 2006 - 03:25 PM.


#4 Buckeye_Sam

Posted 12 August 2006 - 08:53 PM

Your passwords should be safe with what I see so far, but I wouldn't transfer any files yet.



Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

    REGEDIT4

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


=================



Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\system32\isnotify.exe
    C:\WINDOWS\system32\urroxtl.dll
    C:\WINDOWS\system32\oins.exe
    C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\ejxbbmnh.dll
    C:\WINDOWS\poyjoypb.dll
    C:\Program Files\Common Files\{BCBFC1DD-0726-1033-0804-040731200001}\Update.exe
    C:\Program Files\Common Files\{BCBFC1DD-0726-1033-0804-040731200001}\Services.dll




  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
============


After rebooting, please delete these folders.

C:\Program Files\Common Files\ouwo
C:\Program Files\Network Monitor
C:\Program Files\InetGet2
C:\Documents and Settings\Kenzie\Application Data\?racle <-- dated 8/2/06
C:\Program Files\Common Files\?icrosoft.NET <-- dated 7/21/06
C:\Program Files\Common Files\{BCBFC1DD-0726-1033-0804-040731200001}



=============


Please post a new hijackthis log.

Edited by Buckeye_Sam, 12 August 2006 - 08:53 PM.


#5 Cerena

Posted 13 August 2006 - 07:12 PM

No PendingFileRename stuff popped up. There was one issue I found: starting Internet Explorer pulled up an error that LIBBZ2.dll could not be found, but it still seemed to work. I'm not sure what that's all about.

Killbox log:
----
Pocket Killbox version 2.0.0.648
Running on Windows XP as Kenzie(Administrator)
was started @ Wednesday, August 02, 2006, 11:06 PM

Killbox Closed(Exit) @ 11:06:43 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Administrator(Administrator)
was started @ Wednesday, August 02, 2006, 11:09 PM

# 1 [Files to Delete]
Path = C:\WINDOWS\SYSTEM\uthm\spool32.exe
*This file does not seem to exist

# 2 [Files to Delete]
Path = C:\WINDOWS\Application Data\Acst\hfur.exe
*This file does not seem to exist

Killbox Closed(Exit) @ 11:12:36 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Kenzie(Administrator)
was started @ Thursday, August 10, 2006, 8:02 PM

# 1 [Files to Delete]
Path = G:\5d11a3602ba9a90df3055ca47716\mrtstub
*This file does not seem to exist

Killbox Closed(Exit) @ 8:04:24 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Kenzie(Administrator)
was started @ Sunday, August 13, 2006, 6:52 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\uninstall_nmon.vbs


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\isnotify.exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\urroxtl.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\oins.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\sstqq.dll


# 6 [Delete on Reboot]
Path = C:\WINDOWS\ejxbbmnh.dll


# 7 [Delete on Reboot]
Path = C:\WINDOWS\poyjoypb.dll


# 8 [Delete on Reboot]
Path = C:\Program Files\Common Files\{BCBFC1DD-0726-1033-0804-040731200001}\Update.exe


# 9 [Delete on Reboot]
Path = C:\Program Files\Common Files\{BCBFC1DD-0726-1033-0804-040731200001}\Services.dll


I Rebooted @ 6:53:56 PM
Killbox Closed(Exit) @ 6:54:02 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Kenzie(Administrator)
was started @ Sunday, August 13, 2006, 7:09 PM


-----------------------------------------------------------------------------------



HijackThis Log:



-----------

Logfile of HijackThis v1.99.1
Scan saved at 7:15:52 PM, on 08/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Search - {D8A0525E-68B4-8D8C-8F4F-0FB53DA95673} - C:\WINDOWS\ejxbbmnh.dll (file missing)
O4 - HKLM\..\RunServices: [Microsoft System DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sifi81ve - Silicon Image, Inc - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

-------------------

End logs.

#6 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:05 AM

Posted 14 August 2006 - 05:35 PM

Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
RO3 - Toolbar: Search - {D8A0525E-68B4-8D8C-8F4F-0FB53DA95673} - C:\WINDOWS\ejxbbmnh.dll (file missing)
O4 - HKLM\..\RunServices: [Microsoft System DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe



==============


Use Killbox to delete this file.

C:\Program Files\TClock\tclock_install.exe


==============


Then delete this folder.

C:\Program Files\TClock


==============



Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close Ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Clean out your Temporary Internet files
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start -> Control Panel and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    IMPORTANT: Close all windows and do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:

  • Launch Ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode and post the results of the Ewido scan report along with a new Hijackthis log.



========================================================
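A triage pass over HijackThis lines like those in the logs above, as an added example that is not part of either poster's reply and is not HijackThis's own logic. The flag rules (target file reported missing, service with "Unknown owner", autostart command given without a directory, search setting pointing at a remote host) are assumptions chosen for illustration; a flag means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: lines copied from the HijackThis output quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\RunServices: [Microsoft System DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Sifi81ve - Silicon Image, Inc - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

# Section code (R0-R3, F0-F3, N1-N4, O1-O24), a dash, then the entry body.
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")
# O4 registry autostart: "<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of a command line: quoted path, or text up to the first extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))\b', re.I)


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def executable(cmd):
    """Return the program part of a command line, without its arguments."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.split()[0]
    return m.group(1) or m.group(2)


def flag_entry(entry):
    """Attach illustrative 'look closer' flags to one parsed entry."""
    body = entry.body
    # HijackThis appends these markers when the referenced file is not on disk.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        entry.flags.append("missing-file")
    # O23 prints "Unknown owner" when it reads no company name from the binary.
    if entry.section == "O23" and " - Unknown owner - " in body:
        entry.flags.append("unknown-owner")
    # R lines: Internet Explorer start/search settings; report remote hosts.
    if entry.section.startswith("R") and " = " in body:
        value = body.partition(" = ")[2].strip()
        if value.lower().startswith(("http://", "https://")):
            entry.flags.append("remote-search:" + (urlsplit(value).hostname or "?"))
    # O4: autostart whose command has no directory, so the search path decides
    # which file actually runs.
    if entry.section == "O4":
        m = O4_RE.match(body)
        if m:
            exe = executable(m.group("cmd"))
            if "\\" not in exe and "/" not in exe:
                entry.flags.append("bare-autostart")
    return entry


def triage(log_text):
    """Parse a HijackThis log; return (entries, unparsed_lines)."""
    entries, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(flag_entry(Entry(m.group(1), m.group(2))))
        else:
            # Headers, process lists or mistyped section codes end up here.
            unparsed.append(line)
    return entries, unparsed


if __name__ == "__main__":
    parsed, skipped = triage(SAMPLE_LOG)
    for e in parsed:
        if e.flags:
            print(f"{e.section:<4}{', '.join(e.flags):<40}{e.body}")
    print(f"{len(parsed)} entries parsed, {len(skipped)} lines not recognised")
```
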

#7 Cerena


Posted 15 August 2006 - 09:54 AM

Use Killbox to delete this file.

C:\Program Files\TClock\tclock_install.exe

This file does not seem to exist.


Then delete this folder.

C:\Program Files\TClock

Not there.








Ewido scan:


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:53:19 PM 8/14/2006

+ Scan result:



C:\!KillBox\ejxbbmnh.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\!KillBox\poyjoypb.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Adware.Delfin : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\27A39818-3200-4C36-BB00-636EEA\7A3C6362-CCC9-4119-B3FE-97653C -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\E13C5F79-E288-4CDD-A5FD-1D3B50\86EE28B0-6CFB-4695-93C3-A3A4CD -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\WINDOWS\NDNuninstall4_50.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
F:\FOUND.001\FILE0003.CHK -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\1264\SaveInstCmS.exe/Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\1264\SaveInstCmS.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\1264\SaveInstCmS.exe/Search.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\1264\SaveInstCmS.exe/Sync.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\1264\SaveInstCmS.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\9303\SaveInstCmS.exe/Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\9303\SaveInstCmS.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\9303\SaveInstCmS.exe/Search.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\9303\SaveInstCmS.exe/Sync.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\ddm\9303\SaveInstCmS.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\164CE755-53A8-4E4F-A0D4-2EF082\4BB283FF-359B-4673-8286-8F531C -> Adware.SmartPops : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\164CE755-53A8-4E4F-A0D4-2EF082\5183D826-9606-4C25-9CEF-61A838 -> Adware.SmartPops : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\164CE755-53A8-4E4F-A0D4-2EF082\6BA717A0-3FFC-4AE9-B370-ADAC29 -> Adware.SmartPops : Cleaned with backup (quarantined).
C:\WINDOWS\system32\unregister.exe -> Adware.VB : Cleaned with backup (quarantined).
C:\!KillBox\sstqq.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sstqq.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bbi2.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
F:\WINDOWS\TEMP\btiein.dll -> Downloader.QDown.ad : Cleaned with backup (quarantined).
C:\!KillBox\isnotify.exe -> Downloader.Zlob.acl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\isnotify.exe -> Downloader.Zlob.acl : Cleaned with backup (quarantined).
C:\Documents and Settings\Kenzie\Local Settings\Application Data\Ares\My Shared Folder\avs video tools 5 3 2 445 crack.rar/crack.exe -> Dropper.Agent.anl : Cleaned with backup (quarantined).
F:\WINDOWS\redirect6.exe -> Hijacker.VB.bh : Cleaned with backup (quarantined).
C:\!KillBox\urroxtl.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
C:\WINDOWS\system32\components\flx6.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
C:\WINDOWS\system32\urroxtl.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
:mozilla.187:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.293:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.294:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.295:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.106:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.107:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.108:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.109:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.110:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.111:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.112:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.113:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.114:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.115:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.232:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.247:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.256:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.257:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.387:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.388:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.397:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\27GB Kraul\Documents and Settings\Kenzie\Cookies\kenzie@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@112.2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@2o7[4].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\cerenacat@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@adorigin[3].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@adorigin[4].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@ads.adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@ads.adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@www.adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@www.adorigin[3].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
:mozilla.84:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.85:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.86:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.87:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.141:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.142:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.143:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.59:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.61:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.68:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.68:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.69:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.69:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.70:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.70:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.71:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.71:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.72:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.72:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.73:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.73:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.74:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.74:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.75:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

Edited by Cerena, 15 August 2006 - 03:47 PM.


#8 Cerena

Posted 15 August 2006 - 03:49 PM

Continued:

:mozilla.19:C:\27GB Kraul\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\default.9ci\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.200:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.201:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.202:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.203:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.204:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.205:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.206:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.207:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.208:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.20:C:\27GB Kraul\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\default.9ci\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.21:C:\27GB Kraul\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\default.9ci\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.224:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.225:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.22:C:\27GB Kraul\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\default.9ci\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.231:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.232:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.233:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.234:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.266:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
F:\Documents and Settings\cerenacat\Cookies\anyuser@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.222:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.223:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.224:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\Default User\lvv4uodl.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.268:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.269:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.270:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.271:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.272:F:\Documents and Settings\cerenacat\Application Data\Phoenix\Profiles\default\dt5fu9pk.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Kenzie\Application Data\Mozilla\Firefox\Profiles\jugpa9qb.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\!KillBox\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).


::Report end

-------------

I keep getting this message from Ewido about "Adware.Virtumonde" location "C:\Windows\system32\sstqq.dll", and every time I say "clean and move to quarantine (recommended)" it pops back up again. What should I do? I tried to Killbox that particular file and it said the file couldn't be deleted. Then my start menu and icons were gone. I went ahead and ran HJT from a New Task on the Task Manager, and here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:00 PM, on 08/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sifi81ve - Silicon Image, Inc - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe



End log.


Also, what is the best malware/spyware/virus scanner and deleter to buy right now, within a reasonable price range?

What should I do about the Virtumonde popup thing from Ewido???

And my internets are having issues... so I'm having to wrestle just to post this! It keeps trying to acquire an IP...

#9 Buckeye_Sam

    Malware Expert


Posted 15 August 2006 - 05:25 PM

We need a special tool to get rid of Virtumonde.



Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files. Click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 Cerena

Posted 16 August 2006 - 03:05 PM

VundoFix V5.1.11

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Scan started at 9:48:08 AM 8/16/2006

Listing files found while scanning....

C:\windows\system32\sstqq.dll
C:\windows\system32\qqtss.ini
C:\windows\system32\qqtss.bak1
C:\windows\system32\qqtss.bak2
C:\windows\system32\qqtss.ini2
C:\windows\system32\qqtss.tmp

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\sstqq.dll
C:\windows\system32\sstqq.dll Could not be deleted.

Attempting to delete C:\windows\system32\qqtss.ini
C:\windows\system32\qqtss.ini Has been deleted!

Attempting to delete C:\windows\system32\qqtss.bak1
C:\windows\system32\qqtss.bak1 Has been deleted!

Attempting to delete C:\windows\system32\qqtss.bak2
C:\windows\system32\qqtss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\qqtss.ini2
C:\windows\system32\qqtss.ini2 Has been deleted!

Attempting to delete C:\windows\system32\qqtss.tmp
C:\windows\system32\qqtss.tmp Has been deleted!

Performing Repairs to the registry.
Done!

It said it would try to delete sstqq.dll when it rebooted.


HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:00:04 PM, on 08/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {389904AF-A497-3F60-CB3C-821BC8D87E5A} - C:\Program Files\inscdm\wiphwgryvu.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {571E0DC9-3B2C-45E0-A027-C498D11FEDCA} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {A1ACC2D4-B96C-E312-EE68-5E2947C440EB} - C:\WINDOWS\ejxbbmnh.dll (file missing)
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winclw32 - winclw32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sifi81ve - Silicon Image, Inc - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

#11 Buckeye_Sam

    Malware Expert


Posted 16 August 2006 - 06:27 PM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O2 - BHO: (no name) - {389904AF-A497-3F60-CB3C-821BC8D87E5A} - C:\Program Files\inscdm\wiphwgryvu.dll (file missing)
O2 - BHO: (no name) - {571E0DC9-3B2C-45E0-A027-C498D11FEDCA} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O20 - Winlogon Notify: winclw32 - winclw32.dll (file missing)



===============


Run Vundofix once again and post the log.
Also post a new hijackthis log.


========================================================
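
One way to confirm that a "Fix Checked" pass like the one above took effect is to diff the HijackThis log saved before the fix against the one saved after it. This is an added example, not part of the original posts or of HijackThis; the function names are hypothetical, and the sample lines are excerpts (R0, O2 and part of O4 only) copied from the logs posted in this thread.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O2 - BHO: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpt of the log saved on 08/16/2006 (before the fix).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O2 - BHO: (no name) - {389904AF-A497-3F60-CB3C-821BC8D87E5A} - C:\Program Files\inscdm\wiphwgryvu.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {571E0DC9-3B2C-45E0-A027-C498D11FEDCA} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {A1ACC2D4-B96C-E312-EE68-5E2947C440EB} - C:\WINDOWS\ejxbbmnh.dll (file missing)
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
"""

# The O2 lines the helper asked to have checked and fixed.
FIX_LIST = r"""
O2 - BHO: (no name) - {389904AF-A497-3F60-CB3C-821BC8D87E5A} - C:\Program Files\inscdm\wiphwgryvu.dll (file missing)
O2 - BHO: (no name) - {571E0DC9-3B2C-45E0-A027-C498D11FEDCA} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
"""

# Excerpt of the log saved on 08/18/2006 (after the fix).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def verify_fix(before, fix_list, after):
    """Compare two logs and report how the checked entries fared.

    removed          - entries present before the fix and absent after it
    added            - entries that first appear in the later log (review these)
    still_present    - checked entries that survived the fix
    removed_unlisted - entries that vanished without having been checked
    """
    b, f, a = parse_entries(before), parse_entries(fix_list), parse_entries(after)
    removed = b - a
    return {
        "removed": sorted(removed),
        "added": sorted(a - b),
        "still_present": sorted(f & a),
        "removed_unlisted": sorted(removed - f),
    }


if __name__ == "__main__":
    report = verify_fix(BEFORE, FIX_LIST, AFTER)
    for key, entries in report.items():
        print(f"{key}: {len(entries)}")
        for section, detail in entries:
            print(f"  {section} - {detail}")
```

An empty `still_present` list means every checked entry is gone; anything under `added` is a new autostart or hook that appeared between the two scans and deserves a look.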

#12 Cerena

Posted 18 August 2006 - 03:20 PM

Vundo log:


VundoFix V5.1.11

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Scan started at 9:48:08 AM 8/16/2006

Listing files found while scanning....

C:\windows\system32\sstqq.dll
C:\windows\system32\qqtss.ini
C:\windows\system32\qqtss.bak1
C:\windows\system32\qqtss.bak2
C:\windows\system32\qqtss.ini2
C:\windows\system32\qqtss.tmp

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\sstqq.dll
C:\windows\system32\sstqq.dll Could not be deleted.

Attempting to delete C:\windows\system32\qqtss.ini
C:\windows\system32\qqtss.ini Has been deleted!

Attempting to delete C:\windows\system32\qqtss.bak1
C:\windows\system32\qqtss.bak1 Has been deleted!

Attempting to delete C:\windows\system32\qqtss.bak2
C:\windows\system32\qqtss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\qqtss.ini2
C:\windows\system32\qqtss.ini2 Has been deleted!

Attempting to delete C:\windows\system32\qqtss.tmp
C:\windows\system32\qqtss.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V5.1.11

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Scan started at 11:03:27 AM 08/17/2006

Listing files found while scanning....


VundoFix V5.1.11

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Scan started at 11:04:03 AM 8/17/2006

Listing files found while scanning....

No infected files were found.



-----------------------


HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 3:25:31 PM, on 08/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Semagic\LiveJournalU.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sifi81ve - Silicon Image, Inc - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 18 August 2006 - 08:11 PM

Vundofix was recently updated from the version that you have now. Please delete the version you have.



Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Let me know if Ewido is still popping up with warnings of Virtumonde.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 03 September 2006 - 02:15 PM

Unfortunately there has been no response, and this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



