Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojans that won't go away


  • Please log in to reply

#1
ne0ngurl

ne0ngurl

    New Member

  • Member
  • Pip
  • 5 posts
Hello all,

I'm new and I followed all the steps listed in the sticky and I'm still experiencing some issues. 2 trojans came up, A006559.dll and pmnlj.dll during a system scan.

Thanks for the help in advance. :tazz:



Here is the logfile from hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:15 PM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tress\Desktop\Virus [bleep]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0

\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\repair\psole.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\awvtt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NI.UWFX5_0001_LP] "C:\Documents and Settings\Tress\Local Settings\Temporary Internet Files\Content.IE5

\03BDI1UG\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04

\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupd...b?1093577944015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros...b?1132882192765
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -

http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://download.game...aploader_v6.cab
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
O20 - Winlogon Notify: psole - C:\WINDOWS\repair\psole.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file

missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file

missing)
  • 0

Advertisements


#2
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
ne0ngurl,

Welcome to the GTG Forums, I will be reviewing your HJT log.
Please read "ALL" of the instructions before proceeding:

You will need to print out these instructions for a reference or you can
save them by copying and pasting them into notepad and saving the text file to the desktop.

This process will take a few steps, please take your time and follow the directions in the order posted.
If you don't understand something please ask before performing any task..

Now do the following:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\awvtt.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\ttvwa.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\repair\psole.dll (file missing)
    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\awvtt.dll

    O4 - HKLM\..\Run: [NI.UWFX5_0001_LP] "C:\Documents and Settings\Tress\Local Settings\Temporary Internet Files\Content.IE5\03BDI1UG\WinFixer2005ScannerInstall[1].exe"

    O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
    O20 - Winlogon Notify: psole - C:\WINDOWS\repair\psole.dll (file missing)

  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

Thanks,
rstones12
  • 0

#3
ne0ngurl

ne0ngurl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I got to the part to run Vundo, and then HiJackThis runs but when I check

O4 - HKLM\..\Run: [NI.UWFX5_0001_LP] "C:\Documents and Settings\Tress\Local Settings\Temporary Internet Files\Content.IE5\03BDI1UG\WinFixer2005ScannerInstall[1].exe"

and try to fix checked, I get an unexpected error message.

Error #52(Bad file name or number) in sub GetLongPath(exe".exe).

I did happen to see a popup when the virus was detected and it was moved to a chest when Avast was run.

Could that affect it??


I also could not find these listed:

O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\repair\psole.dll (file missing)
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\awvtt.dll

Thank you. :tazz:
  • 0

#4
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
ne0ngurl,

OK, thanks for the info.

Please post a new HJT log and the results from the Active Scan by using Add Reply.

Thanks,
rstones12
  • 0

#5
ne0ngurl

ne0ngurl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I ran HijackThis again and this is the log:


When I ran it this morning, the files

O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\repair\psole.dll (file missing)
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system3

was there but when I ran vundofix in safe mode, it wasn't. I then booted up normally to run HiJackThis again and those files were not present.

I did try to delete the file with winfixer and I got the same error message again.

Thank you :tazz:



Logfile of HijackThis v1.99.1
Scan saved at 10:14:15 AM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tress\Desktop\Virus [bleep]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NI.UWFX5_0001_LP] "C:\Documents and Settings\Tress\Local Settings\Temporary Internet Files\Content.IE5\03BDI1UG\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093577944015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132882192765
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll (file missing)
O20 - Winlogon Notify: psole - C:\WINDOWS\repair\psole.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  • 0

#6
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
ne0ngurl,

OK, a few things we need to do....

Please read "ALL" of the instructions before proceeding:

You will need to print out these instructions for a reference or you can
save them by copying and pasting them into notepad and saving the text file to the desktop.

This process will take a few steps, please take your time and follow the directions in the order posted.
If you don't understand something please ask before performing any task..

First lets do this:

Backup the registry by going to Start > Run and type "regedit" without the quotes. Then on the File menu choose Export. Export that file to your Desktop. Do not do anything with it just yet and don't delete it.

Now do the following:

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Now close Ewido Security Suite, dont run a scan just yet we will shortly.

Open HijackThis and perform a scan only, then place a checkmark next to each of the following items:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll (file missing)
O20 - Winlogon Notify: psole - C:\WINDOWS\repair\psole.dll (file missing)

Close all browsers and open windows except for HijackThis, then click the Fix Checked button. Close HijackThis.

Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixthis.reg

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NI.UWFX5_0001_LP"=-

Locate fixthis.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to "Merged Successfully."


Please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Now open the Ewido Security Suite.
*Important*: When you run the Ewido scan do not open any other programs or windows this will cause a conflict with the cleaning process. The scan will take a bit, so just let it run to completion.

Once in Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot your system back into Normal Mode and post the contents of the Ewido Scan and a new HijackThis log by using Add Reply.

Thanks,
rstones12
  • 0

#7
ne0ngurl

ne0ngurl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here are the results with the ewido scan:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:50:11 PM, 12/10/2005
+ Report-Checksum: 5FB8E70B

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.467:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.566:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.586:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.603:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.612:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.644:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.712:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.721:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.722:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.725:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.738:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.739:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.740:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.741:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.742:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.743:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.744:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.745:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.746:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.747:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.748:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.757:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.758:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.759:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.782:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.848:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.857:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.866:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.867:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.910:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.913:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.915:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.916:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.918:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.919:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.920:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.921:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.922:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.923:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.924:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.925:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.926:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.927:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.928:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.929:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.930:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.936:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.937:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.940:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.941:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.942:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.943:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.944:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.945:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.946:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.947:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.948:C:\Documents and Settings\Tress\Application Data\Mozilla\Firefox\Profiles\9zrya9zb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@e-2dj6wfl4oncjglo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@hlwd.valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@offers.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Tress\Cookies\tress@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Cleaned with backup


::Report End


----------------------------

and this is the HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:52:23 PM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Tress\Desktop\Virus [bleep]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093577944015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132882192765
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0

#8
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
ne0ngurl,

That looks much better... :tazz:

How is your system running?

Thanks,
rstones12
  • 0

#9
ne0ngurl

ne0ngurl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry for the delay in response, my system is working great.

Thank you for the help! :tazz:
  • 0

#10
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
ne0ngurl,

Please take some time and read through the following information..

Here are some items that you will want to add to your to-do list:

These are some tips to reduce the potential for Spyware/Adware/Virus infection in the future:
I would strongly recommend reviewing and installing the following applications if you don't currently have them running on your system:

Use Anti-Virus Software
It is very important that your computer has Anti-Virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online and stand-alone Anti-Virus programs:
Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software
It is imperative that you update your Anti-Virus software at least once a week (Even more if you wish). If you do not update your Anti-Virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewall's and a listing of some available ones see the link below:
Understanding and Using Firewall's

Spyware/Adware Detection and Removal Programs:
Understanding Spyware, Browser Hijackers, and DialersAd-Aware SEIf you suspect that you have spyware installed on your computer, here are instructions on how to setup and use Ad-Aware SE
How to use Ad-Aware SE to remove Spyware
[/list]Spybot S&DIf you suspect that you have spyware installed on your computer, here are instructions on how to setup and use Spybot S&D
How to use Spybot to remove Spyware
[/list]I strongly recommend using both of these programs to catch most spyware/adware

Prevention Programs:
  • SpywareBlaster -- SpywareBlaster will prevent spyware from being installed.
  • SpywareGuard -- SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad -- IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts File -- The MVPS Hosts File replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar -- Get the free Google Toolbar to help stop pop up windows.
Other Necessary Programs:
  • A More Secure Browser
    Internet Explorer is not the most secure and best browser.
    There are safer and better alternatives available. I recommend using Firefox
Be sure to also keep up with Windows and IE updates.

Windows Security and Critical Updates
http://update.microsoft.com/windowsupdate/v6/default.aspx

Internet Explorer Security and Critical Updates
http://www.microsoft.com/windows/ie/default.asp

And also see TonyKlein's good advice
So how did I get infected in the first place?

Update all these Programs Regularly:Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.
Thanks,
rstones12
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP