Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

1-WinAntiSpyware and 2-Install Winfixer [CLOSED]

Started by lopezvip , Oct 03 2005 08:42 PM

  • This topic is locked This topic is locked

#1
lopezvip
Posted 03 October 2005 - 08:42 PM

lopezvip

    Member

  • Member
  • PipPip
  • 22 posts
Hello I am new on here, eventhough I have been reading other people's similar problem...I dont understand to much about this stuff!!! but, i have the problem,and i have HijackThis cwshredder and killbox.


here is my hijack file pasted and attached:


Logfile of HijackThis v1.99.1
Scan saved at 10:37:20 PM, on 10/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\program files\tvs\tvs_b.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pedro Lopez-Villari\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\html\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bellsouth.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\System32\vtuut.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\WINDOWS\Downloaded Program Files\UWAS5LP_0001_0811NetInstaller.exe"
O4 - HKLM\..\Run: [NI.UWFX5] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5NetInstaller.exe"
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c10.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,11/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol....ne/aolcinst.cab
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\l4p2le7o1h.dll (file missing)
O20 - Winlogon Notify: vtuut - C:\WINDOWS\System32\vtuut.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Attached Files


  • 0

Advertisements

#2
greyknight17
Posted 03 October 2005 - 08:50 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

No need to attach the log. Just copy and paste it like you did already :tazz:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download VundoFix.exe at http://www.atribune....ds/VundoFix.exe to your desktop.

* Double-click VundoFix.exe to extract the files.
* After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key (or F5 in some machines) until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
* Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
* Please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\System32\vtuut.dll

* Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
* When asked for a second path, enter -> C:\WINDOWS\System32\tuutv.*
* Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
* The fix will run then HijackThis will open.
* In HijackThis, please place a check next to the following items and click FIX CHECKED:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\System32\vtuut.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe"
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\WINDOWS\Downloaded Program Files\UWAS5LP_0001_0811NetInstaller.exe"
O4 - HKLM\..\Run: [NI.UWFX5] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5NetInstaller.exe"
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c10.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\l4p2le7o1h.dll (file missing)
O20 - Winlogon Notify: vtuut - C:\WINDOWS\System32\vtuut.dll

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

rmdir /s /q "C:\program files\tvs\"
del "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe"
del "C:\WINDOWS\Downloaded Program Files\UWAS5LP_0001_0811NetInstaller.exe"
rmdir /s /q "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\"
del C:\WINDOWS\System32\vtuut.dll
del delete.bat

Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it to run it.

* After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
* Pressing any key will cause a 'Blue Screen of Death' this is normal, do not worry!
* Once your machine reboots please continue with the instructions below.

Download and install CleanUp! http://www.greyknigh...spy/CleanUp.exe

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click 'Options...'
Move the arrow down to 'Custom CleanUp!'
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK. Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.

Then, please run an online virus scan at ActiveScan http://www.pandasoft.../activescan.htm

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#3
lopezvip
Posted 05 October 2005 - 12:41 AM

lopezvip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
i am having trouble with the instructions....i downloaded vundofix and i saved it to my desktop...i got the icon and i double clicked it. now i created a new folder and put all the vundo fix stuff in it. when i restart in safe mode... the file is not in my desktop...i also tried searching in my computer, c drive, documents and settings, pedro lopez-villari, desktop...and i got an error that said i cant access it....how do i do this part so i can get to the killvundo.bat and continue after that

i noticed when i had a choice to restart in safe mode there were 3 options..safe mode, safe mode with command prompts, and safe mode with networking...i have no idea what to do =(
  • 0

#4
greyknight17
Posted 05 October 2005 - 12:57 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No need to create a folder for VundoFix. It will do it for you. Just run the VundoFix.exe you downloaded and click on Install. Then restart and boot into Safe Mode (choose the regular Safe Mode...with no command prompt or networking). Then login to your account (if you can) and open up that vundofix folder. Click on the killvundo.bat file to run it...continue with the rest of the instructions.
  • 0

#5
lopezvip
Posted 05 October 2005 - 06:08 PM

lopezvip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
i have done that i have windows xp and i see the vundofix icon, i cliked it and installed it, a vundofix folder was created with 4 files. when i restart in safe mode i do not see the vundofix icon or the file it created....i dont understand, should i just do the process in regular mode, or is there another way to do this?

Thank you for your patience with me on this topic.
  • 0

#6
greyknight17
Posted 05 October 2005 - 07:22 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, did you login to your account in Safe Mode? If you logged into another account (say, Administrator), then you will have to go to My Computer->C: Drive->Documents and Settings->your_username->Desktop...where your_username is the username you installed those 4 files to (that's your account in Normal Mode). You should see those 4 files in that folder...
  • 0

#7
lopezvip
Posted 05 October 2005 - 08:44 PM

lopezvip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
thanks for the info, yea, i actually have been doing the fix...I found that i if I moved vundofix to C: drive desktop then i would be able to access it when i was in safe mode(administrator) via my computer, c drive, desktop


so this is what happened, i ran the process
but HJT was not in the same desktop location, so i got an error
I rebotted andI put HJT where i had put kill vundo
I re ran in safe mode and started with your instructions....

1>i could not find R3 - URLSearchHook: (no name) - {87766247-......} - (no file)

2> I got a popup "HJT cannot repair O10 Winsock LSPentris you should use LSPfix for that... http://www.cexx.org/lspfix.htm
it also recommended spybot for the operation if i had it"...I have it

3>after i closed the blue screen of death did not show up so i simply rebooted

4> i cleaned up and ran virus scan, when i cleaned i mistakenly left two more of the checkboxes cheked they said something about subscription...is that ok.

Below is my results from teh pandascan, new HJT, VF.txt( how do i get this one)????:

PANDASCAN PANDASCAN

Incident Status Location

Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\System32\vtuut.dll
Adware:adware/popmonster No disinfected C:\Documents and Settings\Pedro Lopez-Villari\Favorites\SHOPPING\Ebay.url
Adware:adware/favoriteman No disinfected C:\WINDOWS\SYSTEM32\ATPartners.dll
Adware:adware/look2me No disinfected C:\WINDOWS\SYSTEM32\guard.tmp
Spyware:spyware/betterinet No disinfected C:\WINDOWS\SYSTEM32\in10b6s.dll
Adware:adware/virtualbouncer No disinfected C:\WINDOWS\SYSTEM32\INNERVBINSTALL.LOG
Adware:adware/searchforit No disinfected C:\WINDOWS\SYSTEM32\SYSsfitb.dll
Adware:adware/gator No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\HDPlugin1015.dll
Adware:adware/wupd No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\MediaGatewayX.dll
Adware:adware/keenvalue No disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Adware:adware/delfinmedia No disinfected C:\keys.ini
Adware:adware/ipinsight No disinfected C:\WINDOWS\alchem.ini
Adware:adware/adurl No disinfected C:\WINDOWS\icont.exe
Adware:adware/twain-tech No disinfected C:\WINDOWS\support.cn
Adware:adware/broadcastpc No disinfected C:\PROGRAM FILES\tvs
Adware:adware/sidesearch No disinfected C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Lycos
Spyware:spyware/virtumonde No disinfected Windows Registry
Spyware:Spyware/Virtumonde No disinfected C:\desktop\backups\backup-20051005-205526-644.dll
Dialer:Dialer.BOO No disinfected C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-1ac02c55-56436f6c.class
Dialer:Dialer.BOO No disinfected C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-26734d8e-743d6587.class
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\TVS_B.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\tvs_clean.exe
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1015.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Downloaded Program Files\valent.inf
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system\UpdInst.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\afctres.dll
Adware:Adware/NetPals No disinfected C:\WINDOWS\system32\ATPartners.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\bCsesrv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\d60mlgd1160.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dmnmodem.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dttrans.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\e4jmle111h.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\en88l1lu1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fnntsub.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fp2803fue.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fpj2031oe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fpl2033oe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\g422lefo1h2c.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gstuname.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\guard.tmp
Virus:Trj/ShellHook.E Disinfected C:\WINDOWS\system32\hgggf.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\iartprio.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system32\in10b6s.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ivmp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ivmpagnt.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\iyctl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\j0l4la3q1d.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\j8p00i7me8.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\k8pm0i71e8.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kpdlt.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kqdinkan.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ktjml7111.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\l40u0ed9eh0.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\l42s0ef7eh2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mar.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mccorier.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mdxmlr.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mlminst.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mnsystem.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\movbvm50.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mv62l9jo1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mx4sdmod.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\n06qlaj51do.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\o0nsla571d.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\pjpusd.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\r4r60e9seh.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\rimps.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\rKsppp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\rUstls.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\t6r8lg9u16.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\vtuut.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\wzpencen.dll



HIJACKTHIS
HIJACKTHIS


Logfile of HijackThis v1.99.1
Scan saved at 10:41:28 PM, on 10/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pedro Lopez-Villari\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\html\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bellsouth.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\System32\vtuut.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,11/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol....ne/aolcinst.cab
O20 - Winlogon Notify: vtuut - C:\WINDOWS\System32\vtuut.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#8
greyknight17
Posted 05 October 2005 - 09:55 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That's ok. We'll take a different approach now to get rid of a bunch of other bad files first:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Download LSPFix http://www.greyknigh.../spy/LSPFix.exe and run it. Check the box that says 'I know what I'm doing'. Click on connwsp.dll on the left window and then click on the arrow pointing to the right. Click Finish and follow the prompts.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\System32\vtuut.dll
O20 - Winlogon Notify: vtuut - C:\WINDOWS\System32\vtuut.dll

Locate and delete the following:

C:\WINDOWS\System32\vtuut.dll

Restart your computer. Run the new Panda scan and save the log. Post the logs for HijackThis, Panda and Ewido.
  • 0

#9
lopezvip
Posted 06 October 2005 - 01:28 AM

lopezvip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
i could not open ewido on safe mode so i ran ewido in normal mode
i cleaned every file except one.

in normal mode i also tried to manually find and delete C:/windows/system32/vtuut.dll it said it was being used and i could not delete it...should i try again to delete it in safe mode or did

So here is the ewido text file and hijack file:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:01:56 AM, 10/6/2005
+ Report-Checksum: 1DE370E8

+ Scan result:

C:\desktop\backups\backup-20051005-205526-644.dll -> Spyware.Virtumonde : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862} -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName -> Spyware.BrowserAid : Error during cleaning
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName.1 -> Spyware.BrowserAid : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC3BBF86-E4EC-4412-9676-8355468B3B05} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DS3.dll\\.Owner -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DS3.dll\\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-3744855276-25715191-873561151-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Mozilla\Firefox\Profiles\ixezvm4k.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Mozilla\Firefox\Profiles\ixezvm4k.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Mozilla\Firefox\Profiles\ixezvm4k.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Mozilla\Firefox\Profiles\ixezvm4k.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Aly-n-Kwissy\Application Data\Phoenix\Profiles\default\ll9m5mlp.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.402:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.413:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.417:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.467:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.468:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Mozilla\Firefox\Profiles\1dgy89md.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Phoenix\Profiles\default\1fpcbblz.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-1ac02c55-56436f6c.class -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Pedro Lopez-Villari\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-26734d8e-743d6587.class -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Pedro Lopez-Villari\Cookies\pedro lopez-villari@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Pedro Lopez-Villari\Cookies\pedro lopez-villari@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Pedro Lopez-Villari\Cookies\pedro lopez-villari@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Pedro Lopez-Villari\Cookies\pedro lopez-villari@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Pedro Lopez-Villari\Cookies\pedro [email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Pedro Lopez-Villari\Cookies\pedro lopez-villari@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll -> Spyware.Browsertoolbar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0802NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1015.dll -> Spyware.Browsertoolbar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll -> Spyware.Browsertoolbar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWAS5LP_0001_0811NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\afctres.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ATPartners.dll -> TrojanDownloader.Rameh.c : Cleaned with backup
C:\WINDOWS\system32\bCsesrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\d60mlgd1160.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dmnmodem.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dttrans.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\e4jmle111h.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\en88l1lu1.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fnntsub.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fp2803fue.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fpj2031oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fpl2033oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\g422lefo1h2c.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gstuname.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iartprio.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\in10b6s.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\ivmp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ivmpagnt.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iyctl.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\j0l4la3q1d.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\j8p00i7me8.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\k8pm0i71e8.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kpdlt.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kqdinkan.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ktjml7111.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\l40u0ed9eh0.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\l42s0ef7eh2.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mar.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mccorier.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mdxmlr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mlminst.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mnsystem.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\movbvm50.dll -> Spyware.Look2Me : Cleaned with backup
C:\
  • 0

#10
greyknight17
Posted 06 October 2005 - 05:44 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you post the new Panda log also? Run another scan and post the log here to make sure nothing else bad is found.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName]
[-HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName.1]

Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

C:\desktop\backups\backup-20051005-205526-644.dll
C:\WINDOWS\System32\vtuut.dll

What was the problem with opening up Ewido in Safe Mode? Would the scan not work? Try again to do a scan in Safe Mode. If it still won't work, tell me, and run it in Normal Mode instead. Post the log here along with the Panda log and a new HijackThis log. I need ALL 3 logs please :tazz:
  • 0

Advertisements

#11
lopezvip
Posted 06 October 2005 - 09:52 PM

lopezvip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
pandascan is not working for me...whats going on??? its stops at 196 files....i already tried restaring it.


shoudl i continue with the rest of your instructions about Regedit4 ???
  • 0

#12
greyknight17
Posted 07 October 2005 - 04:39 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you run Panda scan before or is this your first time? Did it work the first time (if you ran it before)? Do you remember which folder it was scanning at the time it stopped scanning?

Yes, continue on and then try the Panda scan at the end when everything is done to see if it works. If not, run another Ewido scan in Safe Mode and post it here.
  • 0

#13
lopezvip
Posted 08 October 2005 - 07:54 PM

lopezvip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
i had run it before; with one of your early processes for fix my problem---, and it had worked.

well i continued and did regedit....when in killbox i did everything and the computer did not reboot on its own. so i manually rebooted when i did ewido auto detected vtuut.dll as it has been doing as of late. im gonna try pandascan now and try to do ewido scan in safe mode( it didnt run last time in safe mode)
  • 0

#14
lopezvip
Posted 08 October 2005 - 09:29 PM

lopezvip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
i did the pandascan and it did not have a number of files scanned, but this time just stop ... so i clicked stop and saved report, here it is, remmeber i never could physically find and delte this vtuut.dll thingy caused it said it was in use and as per my last post...killbox did not reboot on its own..im gonna try ewido in safe mode now


Incident Status Location

Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\System32\vtuut.dll
  • 0

#15
lopezvip
Posted 08 October 2005 - 11:26 PM

lopezvip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ewido worked in safe mode!!!!

I rebooted and i ewido still got that damned vtuut.dll in c:/system32 crap! here is the ewido safemode scan results


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:03:19 AM, 10/9/2005
+ Report-Checksum: 5961FFC6

+ Scan result:

HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Error during cleaning
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Error during cleaning
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Error during cleaning
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Error during cleaning
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName -> Spyware.BrowserAid : Error during cleaning
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName.1 -> Spyware.BrowserAid : Error during cleaning
C:\desktop\backups\backup-20051005-205526-644.dll -> Spyware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\vtuut.dll -> Spyware.Virtumonde : Cleaned with backup


::Report End
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP