Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojans are ruining my pc! [RESOLVED]

Started by Peelymonster , Jun 28 2005 10:23 PM

  • This topic is locked This topic is locked

#1
Peelymonster
Posted 28 June 2005 - 10:23 PM

Peelymonster

    Member

  • Member
  • PipPip
  • 31 posts
I have two Trojan viruses on our pc: RDRIV.SYS and RE11.REG - Norton Antivirus is unable to remove them. I believe these viruses are affecting the spyware packages - they all freeze up when I try to download updates. (Ad Aware, Spybot, CW Shredder).

I ran through all the start-up steps you recommended. Here is the Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:59 PM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\aims.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator.PEEL\Desktop\TOOLBOX - Fix Programs\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\Run: [AOL Messenger Optimized] AOLOpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\RunServices: [AOL Messenger Optimized] AOLOpt.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: D-Link AirPlus USB.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Instant Messenger - Unknown owner - C:\WINDOWS\aims.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements

#2
Metallica
Posted 05 July 2005 - 06:39 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
First do a Find files for AOLOpt.exe
If you find it surf to http://virusscan.jotti.org/
and have the file checked. Post the results.

Then I would like to advise to uninstall:
ViewPoint Manager
under Add/Remove Software.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R3 - Default URLSearchHook is missing

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\Run: [AOL Messenger Optimized] AOLOpt.exe

O4 - HKLM\..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\RunServices: [AOL Messenger Optimized] AOLOpt.exe

O23 - Service: AOL Instant Messenger - Unknown owner - C:\WINDOWS\aims.exe

Reboot into safe mode and delete:
C:\WINDOWS\aims.exe

Boot back to normal and post a new HijackThis log

Regards,
  • 0

#3
Peelymonster
Posted 05 July 2005 - 10:39 PM

Peelymonster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
:tazz: Hello and thank you for your assistance. This is what I found when following the steps you outlined above:

- I did not fine AOLOpt.exe

- I was able to uninstall Viewpoint Manager under Add/Remove Software only AFTER the next HijackThis step and in Safe mode.

- All files were found in HijackThis, checked and Fixed.

- Rebooted in Safe mode

- C:\Windows\aims.exe was not found. I checked for aims.exe anywhere on the C: drive and it was not found.

Attached is the most current HijackThis log:

************

Logfile of HijackThis v1.99.1
Scan saved at 11:31:36 PM, on 7/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator.PEEL\Desktop\TOOLBOX - Fix Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: D-Link AirPlus USB.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Metallica
Posted 06 July 2005 - 03:32 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Good job. Ready for the final kill? :tazz:

Please follow all instructions as specified. Print these instructions to ensure all are followed.

Please download the following programs, but do not run them yet:

* rdrivRem.zip
  • Unzip it to your desktop.
* Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed exit Ewido.
* CleanUp!
  • Install it.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight "Safe Mode" then hit enter.

1.) Please double-click rdrivRem.bat to run the program - follow the instructions on the screen. After it's complete, rdriv.txt will be created in the rdrivRem folder.

2.) Double-click the Ewido Security Suite icon to run the program.
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
3.) Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Reboot and after computer has restarted continue with the rest of the instructions:

4.) Make sure your firewall is on. Make sure you can turn it off then turn it back on and that nothing is greyed out.
Also, Make sure your Anti-Virus program is working properly - you can turn on and off auto-protect, etc.

5.) Run a full sytem scan with NAV. If it finds anything it should be able to quarantaine it now.

I need you to post the contents of rdriv.txt, the log from Ewido, the log from ActiveScan, and a new HiJackThis log into this topic.

Regards,
  • 0

#5
Peelymonster
Posted 07 July 2005 - 10:48 AM

Peelymonster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
:tazz: Okay, I ran through all the steps you recommended. There were a couple things that showed up - when I tried to get the updates for Ewido, nothing happened - scroll bar never moved, etc. I waited 45 minutes before cancelling it. This is the same issue I'm having with AdAware and Spybot - is that another virus I have that won't allow updates?? ;)

During step 2 (Ewido scan) I received the following message "The file 'c:\spc.exe\re11.reg' cannot be removed because it's embedded in the archive 'c:\sp2.exe'" I selected "REMOVE THE WHOLE ARCHIVE", then another message came up - same thing but this path "c:\system\volume" - I selected IGNORE on that one and a few others (same path) that popped up. Please let me know if I should re-run the program and remove those. :help:

Steps 3, 4 and 5 went through fine. NAV did not find any viruses (Hooray!)

One last oddity - my pc is taking 5-10 minutes to respond to SHUTDOWN or RESTART commands. Any ideas on that? ;)

Here are the various logs you requested:

RDRIV:

~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:26:42 PM, 7/6/2005
+ Report-Checksum: DD889458

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02C20140-76F8-4763-83D5-B660107BABCD} -> Spyware.EliteBar : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{556DDE35-E955-11D0-A707-000000521958} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-842925246-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\administrator@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\administrator@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\administrator@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\administrator@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\administrator@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
:mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.7:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.8:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.33:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.35:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
-> : Error during cleaning
:mozilla.45:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.8:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.15:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.17:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.20:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.21:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.29:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.30:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.31:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.34:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.35:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.36:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
-> : Error during cleaning
:mozilla.42:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.43:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.45:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.48:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.51:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.56:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.57:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.61:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.68:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.72:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.73:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.74:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.85:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.86:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.88:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.92:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.95:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.97:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.98:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.100:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.103:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.104:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.115:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.128:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.129:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.131:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.138:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.140:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.146:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.147:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.148:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.149:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.150:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.151:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.154:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.155:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.156:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.157:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.158:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.159:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.160:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.161:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.162:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.164:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.165:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.166:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.167:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.171:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.173:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.177:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.178:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.179:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.180:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.181:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.182:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.184:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.185:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.186:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.187:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Meesher33\tpz2i5ry.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.7:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Meesher33\tpz2i5ry.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.19:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.33:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.46:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.77:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.83:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.90:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.95:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.96:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.101:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.102:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.103:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.107:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.112:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.113:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.114:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.115:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.122:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.123:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.125:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.138:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.142:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.143:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.146:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.152:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.155:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.156:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.157:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.158:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.159:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.163:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.164:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.165:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.166:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.177:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.179:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.198:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.199:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.205:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.213:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.215:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.216:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.217:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.218:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.223:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.224:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.230:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.232:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.233:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.234:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.235:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.236:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.238:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.239:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.240:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.241:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.243:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.245:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.247:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.249:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.251:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.252:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.254:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.256:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.257:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.258:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.259:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.260:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.271:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.272:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.274:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.277:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.278:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.282:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.283:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.284:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.290:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Sportzb3\urx4fer9.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.7:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Sportzb3\urx4fer9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Sportzb3\urx4fer9.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.10:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Sportzb3\urx4fer9.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.6:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.7:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.33:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.34:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.35:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.39:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.40:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.41:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.42:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.43:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.45:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.46:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.47:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.55:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\DPeely\0kl3ym4f.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.7:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.16:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.17:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.18:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.19:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.32:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.33:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.34:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.35:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.36:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.37:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.38:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.39:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.40:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.46:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.47:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.51:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.52:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.53:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.54:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.55:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.56:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.58:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.60:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.63:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.70:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.71:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.82:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.86:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\Niteowlinstall\hn4g5t6a.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\hbinst\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\sp2.exe/re11.REG -> Trojan.LowZones.a : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP189\A0056231.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP207\A0067156.com -> Backdoor.Agent.jn : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP228\A0070207.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP228\A0071207.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP228\A0071212.exe/re11.REG -> Trojan.LowZones.a : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP239\A0072210.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP247\A0073207.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP250\A0074207.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP255\A0075207.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP262\A0076207.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP262\A0077207.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP264\A0078207.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP266\A0078287.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP267\A0078306.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP269\A0078343.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP269\A0078488.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP269\A0078493.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP269\A0078498.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078899.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078910.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078942.exe/InpB -> Spyware.TotalVelocity.k : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csbho.dll -> Spyware.Comet : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/cscore.dll -> Spyware.Comet : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csietb.dll -> Spyware.CometCursor : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/comet.exe -> Spyware.CometCursor : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csbrange.dll -> Spyware.CometCursor : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/fileutil.dll -> Spyware.Comet : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csutil.dll -> Spyware.Comet : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csinst.dll -> Spyware.CometCursor : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/cstray.exe -> Spyware.CometCursor : Error during cleaning
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP271\A0079103.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP271\A0079495.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP272\A0079511.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP274\A0079527.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP275\A0080527.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP277\A0080555.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP280\A0081527.sys -> Trojan.Rootkit.k
  • 0

#6
Metallica
Posted 07 July 2005 - 11:12 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK Anything with a pathname starting like this:
C:\System Volume Information\_restore
is in your Restore Points and it doesn't matter much if they get removed.
All it will accomplish is that your infected Restore Points are rendered useless.

can you find this file: C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts and rename it to hosts.bak

Then try updating your security programs again.

Regards,
  • 0

#7
Peelymonster
Posted 09 July 2005 - 08:53 AM

Peelymonster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
;) Good morning! I think I'm all set now - Hooray! I tried to post yesterday, but was unable to connect to the site :tazz:

I re-did all the steps as you suggested and deleted those C:\System\Volume directories. I also had to completely get rid of Norton and re-install it. Once all those steps were completed, I was good to go.

Here are the various logs - note, you didn't send a link or instructions for ActiveScan so I don't have that one:

EWIDO:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:38:37 PM, 7/7/2005
+ Report-Checksum: 5E033588

+ Scan result:

C:\Documents and Settings\Administrator.PEEL\Cookies\administrator@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\administrator@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\administrator@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator.PEEL\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.205:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.206:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.207:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.208:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP228\A0071212.exe/re11.REG -> Trojan.LowZones.a : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078942.exe/InpB -> Spyware.TotalVelocity.k : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csbho.dll -> Spyware.Comet : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/cscore.dll -> Spyware.Comet : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csietb.dll -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/comet.exe -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csbrange.dll -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/fileutil.dll -> Spyware.Comet : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csutil.dll -> Spyware.Comet : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/csinst.dll -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP270\A0078949.exe/cstray.exe -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP288\A0085592.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP288\A0085593.exe -> Spyware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP288\A0085594.exe/re11.REG -> Trojan.LowZones.a : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP288\A0085595.exe -> Backdoor.SdBot.xd : Cleaned with backup
C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP288\A0085596.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup


::Report End

RDRIV:

~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 9:48:30 AM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Documents and Settings\Administrator.PEEL\Desktop\TOOLBOX - Fix Programs\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: D-Link AirPlus USB.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1723656-BECB-438B-8110-6173B3AB16E0}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#8
Metallica
Posted 09 July 2005 - 11:56 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Your log is clean. :tazz:

Do the Active Scan here: http://www.pandasoft...n_principal.htm as a double-check.

Let me know the results and how your computer is behaving.

Regards,
  • 0

#9
Peelymonster
Posted 10 July 2005 - 07:47 PM

Peelymonster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thank you-Thank you-Thank you!!! :tazz:

I tried running the ActiveScan twice, but it gives me an error - "An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again" and "Possible causes of this error are:
Not allowing the application's ActiveX control to be downloaded. Problems with the Internet connection. Other causes (consult the FAQs)."

I'll re-boot and try again. Have a great evening!

You can close this post. I am recommending this site to everyone I know having PC issues - great information and support!!

DP
  • 0

#10
Metallica
Posted 11 July 2005 - 03:35 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

Please do have a look at my site about removing and preventing spyware.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP