Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Please Help. Look2Me and lots of flash popups on desktop [RESOLVED]

Started by thechi , Dec 29 2005 04:11 PM

Page 5 of 8
3
4
5
6
7

This topic is locked

#61
Michelle

Posted 06 January 2006 - 12:23 AM

Malware Removal Goddess

Retired Staff
8,928 posts

Hello thechi :tazz:

We're going to do something a bit different. Please read these instructions carefully. Also print them out so that you're sure all are followed.

First, delete the l2mfix.exe and delete the l2mfix folder. I'm not sure if it has been updated since you downloaded so we want to make sure it's the most recent one.

Please download l2mfix.exe from here:

http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts. Don't run it yet!

Close all programs and windows.

Open HijackThis, but do NOT scan for a log. Just leave it open on your desktop. Then go into the l2mfix folder, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. When you get to the point where it tells you to press any key to reboot, do NOT press any key yet. Instead, click on HijackThis to activate it. Choose "Do a system scan only", and look for an O20 entry. It will look something like this:

O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\lv8q09l5e.dll

It won't be exactly the same, but it will be listed as an O20 and it will have some random, mumbo jumbo file name in the system32 folder.

Put a check next to it in HiJackThis. Click the "Fix Checked" button, then close HijackThis. Then, single click on the L2mFix window to make it the "active window" and press a key to let L2mFix reboot the machine.

After you reboot, please give me an Option 1 log from l2mfix, and a new HiJackThis log

#62
thechi

Posted 06 January 2006 - 01:53 AM

Member

Topic Starter
Member
84 posts

hi michelle.. sorry it took me a bit to get back... have a little one sick over here. here are the logs.

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
"Asynchronous"=dword:00000000
"DllName"="C:\\Program Files\\Common Files\\Stardock\\mcpstub.dll"
"Startup"="MCPSystemStartup"
"Logon"="MCPLogonStartup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
"Asynchronous"=dword:00000000
"DllName"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll"
"Startup"="StartSys"
"Logon"="StartWB"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{65756541-C65C-11CD-0000-4B656E696100}"="Panda Antivirus"
"{2F5AC606-70CF-461C-BFE1-734234536262}"="WindowBlinds CPL Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}"="Allaire FTP & RDS"
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}"="eLicense Control"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{62C114DC-AFB2-44D5-885A-18BCFA1F13DF}"="CFi ShellToys Display Properties Extension"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
bassmod.dll Sun Nov 27 2005 4:27:06a A.... 15,360 15.00 K
gccoll~1.dll Tue Nov 15 2005 12:12:08p A.... 126,680 123.71 K
gcunco~1.dll Tue Nov 15 2005 12:12:06p A.... 95,448 93.21 K
hashlib.dll Tue Nov 15 2005 12:12:08p A.... 117,976 115.21 K
openal32.dll Wed Nov 23 2005 9:37:58p A.... 81,920 80.00 K
wininet0.dll Wed Dec 21 2005 11:09:48p A.... 656,384 641.00 K
wrap_oal.dll Wed Nov 23 2005 9:37:58p A.... 233,472 228.00 K

7 items found: 7 files, 0 directories.
Total of file sizes: 1,327,240 bytes 1.27 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
pav2.tmp Wed Dec 21 2005 3:53:50p ..... 656,384 641.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 656,384 bytes 641.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C is Local Disk
Volume Serial Number is C4BB-70EE

Directory of C:\WINDOWS\System32

11/09/2005 05:56 PM 10,022 KGyGaAvL.sys
12/20/2004 08:44 AM 1,521 mmf.sys
09/11/2004 04:58 PM <DIR> Microsoft
2 File(s) 11,543 bytes
1 Dir(s) 1,654,018,048 bytes free

Logfile of HijackThis v1.99.1
Scan saved at 2:51:18 AM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\PopNot\PopNot.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BootXP2\BootXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Popup XP\PopupXP.exe
C:\Program Files\Popup XP\PopupXPWebC.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\CHICO\Desktop\hijack\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\prefs.js)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [PNSetup] C:\Program Files\PopNot\PNSetup.exe
O4 - HKLM\..\Run: [PopNot] C:\Program Files\PopNot\PopNot.exe auto
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootXP] C:\Program Files\BootXP2\BootXP.exe /min /change
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_69b7.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Popup XP.LNK = C:\Program Files\Popup XP\PopupXP.exe
O8 - Extra context menu item: Allow Site's Pop-&ups - file://C:\Program Files\PopNot\trustsite.script
O8 - Extra context menu item: Always &Kill this Pop-up - file://C:\Program Files\PopNot\blocksite.script
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

hope i did this correctly. thanks.

#63
Michelle

Posted 06 January 2006 - 09:10 AM

Malware Removal Goddess

Retired Staff
8,928 posts

There we go

Yes, you did it correctly, good work :tazz:

We're going to update Ewido definitions and run it.

Open Ewido.

On the left hand side of the main screen click update
Click on Start

The update will start and a progress bar will show the updates being installed.

After the updates are installed close Ewido.

Then please do this:

Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Now open Ewido.
Click on scanner
Click Complete System Scan
Let the program scan the machine

While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report
Save the report to your desktop
Exit Ewido

Reboot into normal mode.

Please post the contents of the Ewido report.

#64
thechi

Posted 06 January 2006 - 01:35 PM

Member

Topic Starter
Member
84 posts

ok, i'm about to reboot into safe-mode and run ewido now. sorry about the repeating posts... i am not quite sure how that happened. i will post an ewido report in a bit. thanks.

#65
thechi

Posted 06 January 2006 - 04:23 PM

Member

Topic Starter
Member
84 posts

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:57:08 PM, 1/6/2006
+ Report-Checksum: D818E43D

+ Scan result:

HKLM\SOFTWARE\PSGuard.com -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Spyware.PSGuard : Cleaned with backup
C:\!KillBox\awiiiexx.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\dxlay.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\iosutil.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\lv6609jse.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\mncorier.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\mvcsubs.dll -> Spyware.Look2Me : Cleaned with backup
:mozilla.29:C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.30:C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.47:C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.60:C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.23:C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\CHICO\Local Settings\Temp\bw2.com -> Spyware.Zestyfind : Cleaned with backup
C:\Documents and Settings\CHICO\Local Settings\Temporary Internet Files\Content.IE5\LZCVXE8W\AppWrap[1].exe -> Spyware.Zestyfind : Cleaned with backup
C:\Documents and Settings\CHICO\Local Settings\Temporary Internet Files\Content.IE5\VEJTK640\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\CHICO\Local Settings\Temporary Internet Files\Content.IE5\WDG9129S\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
:mozilla.7:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
:mozilla.19:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.20:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.21:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.22:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.23:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.24:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.25:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.42:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Doubleclick : Error during cleaning
:mozilla.59:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
:mozilla.60:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
:mozilla.61:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.62:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.63:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.64:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.65:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.66:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.67:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Addynamix : Error during cleaning
:mozilla.79:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
:mozilla.80:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
:mozilla.81:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
:mozilla.82:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
:mozilla.83:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
:mozilla.101:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Bridgetrack : Error during cleaning
:mozilla.102:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Bridgetrack : Error during cleaning
:mozilla.103:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Bridgetrack : Error during cleaning
:mozilla.110:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
:mozilla.113:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.114:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.115:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.116:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.117:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.118:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.119:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.120:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Burstnet : Error during cleaning
:mozilla.130:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
:mozilla.131:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
:mozilla.132:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
:mozilla.133:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.135:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adtech : Error during cleaning
:mozilla.136:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.137:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adtech : Error during cleaning
:mozilla.139:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.141:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.145:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.146:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.147:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.148:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.149:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.150:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.151:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.152:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.153:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.154:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.155:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.156:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.157:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.158:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.159:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.160:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.161:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.162:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.163:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.164:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.165:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.166:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.167:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.168:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.169:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.170:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.171:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.172:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.173:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.174:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.175:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.176:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.177:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.178:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.179:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.180:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.181:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.182:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.183:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.184:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.185:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.186:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.187:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.188:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.189:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.190:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.191:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.192:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.193:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.194:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.195:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.196:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.197:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.198:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Advertising : Error during cleaning
:mozilla.199:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.216:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.217:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.218:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.219:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.220:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.221:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.222:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.223:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.228:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.229:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.230:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.231:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.232:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.233:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.246:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Burstbeacon : Error during cleaning
:mozilla.261:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Liveperson : Error during cleaning
:mozilla.262:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Liveperson : Error during cleaning
:mozilla.263:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Liveperson : Error during cleaning
:mozilla.265:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.266:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.267:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.268:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.269:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.270:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.273:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Yieldmanager : Error during cleaning
:mozilla.274:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Yieldmanager : Error during cleaning
:mozilla.275:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Yieldmanager : Error during cleaning
:mozilla.292:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Linksynergy : Error during cleaning
:mozilla.293:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Linksynergy : Error during cleaning
:mozilla.296:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.298:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.311:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Qksrv : Error during cleaning
:mozilla.312:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Qksrv : Error during cleaning
:mozilla.315:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.316:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.317:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.318:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.319:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.320:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.321:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.322:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.323:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.324:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.325:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.326:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.337:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Bluestreak : Error during cleaning
:mozilla.343:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Masterstats : Error during cleaning
:mozilla.345:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Tradedoubler : Error during cleaning
:mozilla.346:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Tradedoubler : Error during cleaning
:mozilla.350:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
:mozilla.353:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
:mozilla.355:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Questionmarket : Error during cleaning
:mozilla.362:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Paycounter : Error during cleaning
:mozilla.365:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Adbrite : Error during cleaning
:mozilla.376:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.377:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.378:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.379:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.380:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.381:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.382:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.383:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.384:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.385:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.386:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.387:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.394:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Specificclick : Error during cleaning
:mozilla.395:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Specificclick : Error during cleaning
:mozilla.396:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Specificclick : Error during cleaning
:mozilla.397:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Specificclick : Error during cleaning
:mozilla.415:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.416:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.417:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.418:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.419:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.421:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Liveperson : Error during cleaning
:mozilla.422:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Liveperson : Error during cleaning
:mozilla.430:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Ru4 : Error during cleaning
:mozilla.431:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Ru4 : Error during cleaning
:mozilla.432:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Ru4 : Error during cleaning
:mozilla.433:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Ru4 : Error during cleaning
:mozilla.435:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.447:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Bfast : Error during cleaning
:mozilla.450:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.451:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.452:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.453:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.454:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.455:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.456:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.457:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.458:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.459:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.460:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.461:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.462:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.463:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.464:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.465:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.466:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.467:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.468:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.469:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.470:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.471:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.472:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.473:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.474:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.475:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.476:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.477:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.478:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.479:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.480:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.481:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.482:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.483:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.484:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.485:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.486:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.487:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.488:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.489:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.490:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.491:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.492:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.493:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.494:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.495:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.496:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.497:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.498:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.499:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.500:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.507:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.508:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.509:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.526:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.527:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.528:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.529:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.530:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.531:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.532:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.533:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.534:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.535:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.536:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.537:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.538:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.539:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.540:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.541:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.542:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.543:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.544:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.545:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.546:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.547:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.548:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.549:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.550:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.551:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.552:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.553:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.554:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.555:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.556:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.564:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.565:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.566:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.567:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.568:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.580:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
:mozilla.592:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.247realmedia : Error during cleaning
:mozilla.600:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
:mozilla.601:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
:mozilla.604:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Com : Error during cleaning
:mozilla.605:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Com : Error during cleaning
:mozilla.609:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.613:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Itrack : Error during cleaning
:mozilla.614:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.615:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.616:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Falkag : Error during cleaning
:mozilla.619:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.620:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.626:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.627:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.628:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.634:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.635:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.639:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.640:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Googleadservices : Error during cleaning
:mozilla.653:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Clickzs : Error during cleaning
:mozilla.686:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.687:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.696:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Clickzs : Error during cleaning
:mozilla.707:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Revenue : Error during cleaning
:mozilla.708:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.709:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.710:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.711:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.712:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.744:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.746:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.777:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Weborama : Error during cleaning
:mozilla.778:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Weborama : Error during cleaning
:mozilla.843:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Liveperson : Error during cleaning
:mozilla.856:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Euniverseads : Error during cleaning
:mozilla.858:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_/cookies.txt -> Spyware.Cookie.Euniverseads : Error during cleaning
:mozilla.864:C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5

#66
Michelle

Posted 06 January 2006 - 04:44 PM

Malware Removal Goddess

Retired Staff
8,928 posts

In FireFix, go up to Tools > Options.
Click "Privacy"
Click "View Cookies"
Click "Remove All Cookies"
Click OK, click Ok again.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by restarting your computer and continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode and hit enter.

Now scan with HiJackThis and place a checkmark next to each of the following items and click FIX CHECKED:

O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_69b7.dll"

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Reboot back into Windows and go here: http://www.pandasoft.../activescan.htm
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log, and the contents of smitfiles.txt.

#67
thechi

Posted 07 January 2006 - 12:37 AM

Member

Topic Starter
Member
84 posts

smitRem © log file
version 2.8

by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 01/06/2006
The current time is: 23:20:51.04

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key present!

Running LTDFix/PSGuard.com fix!

PSGuard.com key was successfully removed!

checking for WinHound.com key

WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

Remove Spyware.url

~~~ Favorites ~~~

~~~ system32 folder ~~~

logfiles

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 760 'explorer.exe'

Starting registry repairs

Deleting files

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN!

Logfile of HijackThis v1.99.1
Scan saved at 1:34:36 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\PopNot\PopNot.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Popup XP\PopupXP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Popup XP\PopupXPWebC.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\CHICO\Desktop\hijack\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\prefs.js)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [PNSetup] C:\Program Files\PopNot\PNSetup.exe
O4 - HKLM\..\Run: [PopNot] C:\Program Files\PopNot\PopNot.exe auto
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Popup XP.LNK = C:\Program Files\Popup XP\PopupXP.exe
O8 - Extra context menu item: Allow Site's Pop-&ups - file://C:\Program Files\PopNot\trustsite.script
O8 - Extra context menu item: Always &Kill this Pop-up - file://C:\Program Files\PopNot\blocksite.script
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

i can't do a pandascan.. i keep getting an 'error on page' error in MSIE. please advise.

*sorry it's taken me so long.. was having a problem with my internet connection. i'm ready to throw this whole laptop out the window. :tazz:

#68
Michelle

Posted 07 January 2006 - 01:11 AM

Malware Removal Goddess

Retired Staff
8,928 posts

I understand your frustration, but try not to worry :tazz:

We need to set your system to show hidden files:

Open Windows Explorer (right-click your Start button and choose "Explore")
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Then using Windows Explorer, look for the following files:

C:\WINDOWS\System32\sfg_69b7.dll
C:\WINDOWS\System32\wininet0.dll <-be careful with this one! Make sure it has the 0 in the name because there is a legitimate file named wininet.dll

Please delete them if found.

Then let's run SpySweeper instead:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
- Sweep Memory
- Sweep Registry
- Sweep Cookies
- Sweep All User Accounts
- Enable Direct Disk Sweeping
- Sweep Contents of Compressed Files
- Sweep for Rootkits
- Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

#69
thechi

Posted 07 January 2006 - 02:25 AM

Member

Topic Starter
Member
84 posts

was able to finally run Panda ActiveScan after i changed some settings in MSIE... and somehow it worked.... here's the report from that.

Incident Status Location

Adware:adware/look2me Not disinfected C:\Documents and Settings\CHICO\Desktop\Cheap Holiday Travel.url
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload.dat
Adware:adware/cws.yexe Not disinfected C:\WINDOWS\SYSTEM32\Services
Adware:adware/isearch Not disinfected Windows Registry
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\p7jrx39m.Default User\cookies.txt[rightmedia.net/]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\Cache(2)\7B2AF665d01
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\Cache(2)\B2CB51A0d01
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\gix25k3w.default\Cache(2)\B2CB51E4d01
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\CHICO\Application Data\Mozilla\Firefox\Profiles\p7jrx39m.Default User\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CHICO\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CHICO\Desktop\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CHICO\Desktop\sc.s\anti_spy\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CHICO\Desktop\sc.s\anti_spy\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CHICO\Desktop\sc.s\anti_spy\smit\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CHICO\Desktop\sc.s\anti_spy\win32delfkil\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CHICO\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CHICO\Desktop\smitRem.exe[Process.exe]
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\support.com\client\backup\7B\7B2AF665d01\17582_5c96a2a64_[7B2AF665d01]
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\support.com\client\backup\B2\B2CB51A0d01\17586_5e9760660_[B2CB51A0d01]
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\support.com\client\backup\B2\B2CB51E4d01\17586_5f83953bb_[B2CB51E4d01]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[53312104]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[6038405]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[78455362]
Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[47329833]
Spyware:Cookie/Bfast Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[52262088]
Spyware:Cookie/2o7.net Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[dcs96a5e66twkf45nnt6tyv4x_1d9z]
Spyware:Cookie/64.62.232 Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[S145576]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[S148222]
Spyware:Cookie/Kount Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[3886454]
Spyware:Cookie/WUpd Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[21766019]
Spyware:Cookie/Qsrch Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\102911_5bf60e8db_[]
Spyware:Cookie/QkSrv Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[53312104]
Spyware:Cookie/PayCounter Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[dcsy3lcxa11e5ha1xaws2ofy7_5b2x]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[62455627]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[LPrjbtelcom]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[S121071]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[S139295]
Spyware:Cookie/web-stat Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[6038405]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[78455362]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[47329833]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[52262088]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[dcs96a5e66twkf45nnt6tyv4x_1d9z]
Spyware:Cookie/64.62.232 Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[S145576]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\109593_5b1fe47a1_[]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[58744103]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[57772122]
Spyware:Cookie/SexList Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[LPrjbtelcom]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[52262088]
Spyware:Cookie/Tucows Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[53312104]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\111783_54a60dd7f_[]
Spyware:Cookie/2o7.net Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[LPrjbtelcom]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[52262088]
Spyware:Cookie/Zedo Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[53312104]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[dcsy3lcxa11e5ha1xaws2ofy7_5b2x]
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[62455627]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[S121071]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[S139295]
Spyware:Cookie/web-stat Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\117092_5fe165b94_[6038405]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\35190_536c012de_[]
Spyware:Cookie/Rightmedia Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\93358_50fb231e1_[]
Spyware:Cookie/2o7.net Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\93358_5bf40ca0c_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\93358_5bf40ca0c_[44273822]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\93358_5bf40ca0c_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\93358_5bf40ca0c_[44273822]
Spyware:Cookie/WebPower Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\93358_5bf40ca0c_[]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\94830_5bc9914e2_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\94830_5bc9914e2_[LPrjbtelcom]
Spyware:Cookie/Ask Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\94830_5bc9914e2_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\94830_5bc9914e2_[53312104]
Spyware:Cookie/RealTracker Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\94830_5bc9914e2_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\94830_5bc9914e2_[27722763]
Spyware:Cookie/WUpd Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\94830_5bc9914e2_[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\94830_5bc9914e2_[78354878]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\99318_5e113d6c7_[]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\99318_5e113d6c7_[59626468]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\client\backup\co\cookies.txt\99318_5e113d6c7_[]
Hacktool:Hacktool/Yahoopsw.D Not disinfected C:\Program Files\Yahoo Message Archive Decoder\yahoopwd.exe
Adware:Adware/Veevo Not disinfected C:\WINDOWS\system32\KDP0a2e.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

should i know do what you instructed in your last post? i'll wait for your response. thanks.

#70
Michelle

Posted 07 January 2006 - 02:28 AM

Malware Removal Goddess

Retired Staff
8,928 posts

Yes, please, go ahead and follow the instructions in my last post and SpySweeper will clean out most if not all of what ActiveScan found :tazz:

#71
thechi

Posted 08 January 2006 - 07:15 PM

Member

Topic Starter
Member
84 posts

ok, I was able to remove wininet0.dll but not sfg_69b7.dll

and here's the log for SpySweeper...

********
1:00 PM: | Start of Session, Saturday, January 07, 2006 |
1:00 PM: Spy Sweeper started
1:00 PM: Sweep initiated using definitions version 597
1:00 PM: Starting Memory Sweep
1:02 PM: Memory Sweep Complete, Elapsed Time: 00:02:32
1:02 PM: Starting Registry Sweep
1:02 PM: Found Adware: linkmaker
1:02 PM: HKLM\software\uvcep\ (5 subtraces) (ID = 129749)
1:02 PM: Found Adware: websearch toolbar
1:02 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
1:02 PM: Found Adware: safeguard protect
1:02 PM: HKLM\software\safeguard protect\ (4 subtraces) (ID = 879722)
1:02 PM: Found Adware: dollarrevenue
1:02 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
1:02 PM: Found Adware: command
1:02 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
1:02 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
1:02 PM: Found Adware: drsnsrch.com hijack
1:02 PM: HKU\S-1-5-21-1687362960-3871003454-1726878895-1005\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
1:02 PM: HKU\S-1-5-21-1687362960-3871003454-1726878895-1005\software\safeguard protect\ (10 subtraces) (ID = 832657)
1:02 PM: Registry Sweep Complete, Elapsed Time:00:00:12
1:03 PM: Starting Cookie Sweep
1:03 PM: Found Spy Cookie: atwola cookie
1:03 PM: chico@atwola[1].txt (ID = 2255)
1:03 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
1:03 PM: Starting File Sweep
1:03 PM: Found System Monitor: win-spy monitor
1:03 PM: c:\windows\dll (ID = -2147480025)
1:03 PM: c:\windows\system32\dll (ID = -2147480023)
1:05 PM: Found Adware: look2me
1:05 PM: a0093422.exe (ID = 65722)
1:07 PM: a0093410.exe (ID = 65721)
1:10 PM: Found Adware: tibs dialer
1:10 PM: hot.lnk (ID = 79312)
1:18 PM: a0091878.dll (ID = 159)
1:20 PM: a0091911.dll (ID = 159)
1:20 PM: a0091897.dll (ID = 159)
1:20 PM: a0091930.dll (ID = 159)
1:20 PM: a0092028.dll (ID = 159)
1:22 PM: a0093503.dll (ID = 159)
1:24 PM: a0091920.dll (ID = 159)
1:24 PM: a0091941.dll (ID = 159)
1:24 PM: a0092033.dll (ID = 159)
1:25 PM: a0093474.dll (ID = 159)
1:26 PM: a0091946.dll (ID = 159)
1:26 PM: a0092015.dll (ID = 159)
1:26 PM: a0092029.dll (ID = 159)
1:27 PM: a0092030.dll (ID = 159)
1:27 PM: sfg_51cc.dll (ID = 74246)
1:27 PM: a0091962.dll (ID = 159)
1:27 PM: a0091953.dll (ID = 159)
1:27 PM: a0092032.dll (ID = 159)
1:31 PM: Found Trojan Horse: trojan-downloader-dh
1:31 PM: dh9013.exe (ID = 208497)
1:31 PM: sfg_01d1.dll (ID = 164073)
1:31 PM: a0093741.exe (ID = 65722)
1:31 PM: a0093742.exe (ID = 65721)
1:32 PM: a0091906.dll (ID = 159)
1:32 PM: a0092107.dll (ID = 159)
1:32 PM: a0092034.dll (ID = 159)
1:33 PM: a0093502.dll (ID = 159)
1:33 PM: a0091877.dll (ID = 159)
1:33 PM: a0092031.dll (ID = 159)
1:33 PM: a0092094.dll (ID = 159)
1:33 PM: a0093117.dll (ID = 159)
1:33 PM: a0092011.dll (ID = 159)
1:33 PM: a0093444.dll (ID = 159)
1:33 PM: a0092024.dll (ID = 159)
1:33 PM: a0092043.dll (ID = 159)
1:34 PM: a0093443.dll (ID = 159)
1:34 PM: a0093442.dll (ID = 159)
1:34 PM: a0093441.dll (ID = 159)
1:34 PM: a0093440.dll (ID = 159)
1:34 PM: a0093439.dll (ID = 159)
1:34 PM: a0093107.dll (ID = 159)
1:34 PM: a0092104.dll (ID = 159)
1:34 PM: a0092116.dll (ID = 159)
1:34 PM: a0093740.dll (ID = 159)
1:34 PM: a0093739.dll (ID = 159)
1:34 PM: a0093738.dll (ID = 159)
1:34 PM: a0093737.dll (ID = 159)
1:34 PM: a0093736.dll (ID = 159)
1:34 PM: a0093735.dll (ID = 159)
1:34 PM: a0093536.dll (ID = 159)
1:35 PM: a0091854.dll (ID = 159)
1:38 PM: a0093707.dll (ID = 159)
1:40 PM: Found Adware: netpal
1:40 PM: big fish games.url (ID = 70885)
1:40 PM: flyordie games.url (ID = 70890)
1:40 PM: drsmartload.dat (ID = 198788)
1:40 PM: Warning: Failed to access drive D:
1:40 PM: Warning: Failed to access drive D:
1:40 PM: Found System Monitor: potentially rootkit-masked files
1:40 PM: osn ______________________________________________________________________________________________.htm (ID = 0)
1:43 PM: Warning: Invalid Stream
1:43 PM: Warning: Invalid Stream
1:43 PM: File Sweep Complete, Elapsed Time: 00:40:38
1:43 PM: Full Sweep has completed. Elapsed time 00:43:37
1:43 PM: Traces Found: 111
3:14 AM: Removal process initiated
3:15 AM: Quarantining All Traces: look2me
3:15 AM: Quarantining All Traces: potentially rootkit-masked files
3:15 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
3:15 AM: osn ______________________________________________________________________________________________.htm is in use. It will be removed on reboot.
3:15 AM: Quarantining All Traces: websearch toolbar
3:15 AM: Quarantining All Traces: win-spy monitor
3:15 AM: Quarantining All Traces: tibs dialer
3:15 AM: Quarantining All Traces: trojan-downloader-dh
3:15 AM: Quarantining All Traces: command
3:15 AM: Quarantining All Traces: dollarrevenue
3:15 AM: Quarantining All Traces: drsnsrch.com hijack
3:15 AM: Quarantining All Traces: linkmaker
3:15 AM: Quarantining All Traces: netpal
3:15 AM: Quarantining All Traces: safeguard protect
3:15 AM: Quarantining All Traces: atwola cookie
3:16 AM: Removal process completed. Elapsed time 00:01:24
********
12:56 PM: | Start of Session, Saturday, January 07, 2006 |
12:56 PM: Spy Sweeper started
12:58 PM: Your spyware definitions have been updated.
1:00 PM: | End of Session, Saturday, January 07, 2006 |

#72
Michelle

Posted 08 January 2006 - 08:27 PM

Malware Removal Goddess

Retired Staff
8,928 posts

Hello thechi :tazz:

Please run Killbox delete on reboot for these 2 files:

C:\WINDOWS\system32\KDP0a2e.dll
C:\WINDOWS\System32\sfg_69b7.dll

After reboot, please delete the following manually:

C:\WINDOWS\SYSTEM32\Services <-Folder. Make sure NOT to delete the services file just this folder.

C:\Documents and Settings\CHICO\Desktop\Cheap Holiday Travel.url

Then post a new HiJackThis log for me and let me know if you're having any other problems

#73
thechi

Posted 08 January 2006 - 09:03 PM

Member

Topic Starter
Member
84 posts

C:\WINDOWS\System32\sfg_69b7.dll 'seems to not exist' - KillBox

Logfile of HijackThis v1.99.1
Scan saved at 10:02:07 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\PopNot\PopNot.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Popup XP\PopupXP.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Popup XP\PopupXPWebC.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\CHICO\Desktop\hijack\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\CHICO\Application Data\Mozilla\Profiles\default\40l8skcn.slt\prefs.js)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [PNSetup] C:\Program Files\PopNot\PNSetup.exe
O4 - HKLM\..\Run: [PopNot] C:\Program Files\PopNot\PopNot.exe auto
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Popup XP.LNK = C:\Program Files\Popup XP\PopupXP.exe
O8 - Extra context menu item: Allow Site's Pop-&ups - file://C:\Program Files\PopNot\trustsite.script
O8 - Extra context menu item: Always &Kill this Pop-up - file://C:\Program Files\PopNot\blocksite.script
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

i seem to be getting this very small, just a fraction of a web browser and whn i open it up ful size, can't right click in it to get properties. so i don't know where that's from. other than that... still can't get to my D drive in windows. thanks.

#74
Michelle

Posted 08 January 2006 - 10:14 PM

Malware Removal Goddess

Retired Staff
8,928 posts

What exactly does it say when you try to access your D: drive?

Go to Start > Run and paste the following into the box:

regedit /e c:\reg.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies"

Click OK.

Do the same for this one:

regedit /e c:\reg1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies"

Then go to Start > My Computer and double-click your C: drive and locate reg.txt and reg1.txt, open each one and paste the contents into your next reply, please.

#75
thechi

Posted 09 January 2006 - 12:01 AM

Member

Topic Starter
Member
84 posts

I have no idea how.... but i can access it now. I AM SOOOO HAPPY! One other thing though... I am still getting tons of spam in my email (i'm using thunderbird as the email client). they all seem to come at the same time. for instance... i just got 8 of them at one, all coming in at the same time. so it seems as though they are coming from somewhere from on my computer.

reg.txt:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=dword:00000000
"NoHTMLWallPaper"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoFolderOptions"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

reg1.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Ratings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

Edited by thechi, 09 January 2006 - 01:45 AM.