Help with HijackThis Log


  • This topic is locked
21 replies to this topic

#1 wildviper

wildviper

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 20 December 2005 - 02:49 AM

Help,
It has been a long time since I have had any issues; one year+. I have been having an issue with a website that tries to load. I ran Adaware to fix the scumware. I then scanned my computer for a virus. I hadn't done so for a while since my firewall was working so well. (I use CA's EZ Firewall for Road Runner). Well, the scan found 20 infected files and took care of them. However, I have one final website that won't stop trying to pop up at login: http://downloads.the...entone.com.html

Please help.

Here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 2:40:06 AM, on 12/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\WINRAR32.EXE
C:\WINDOWS\itunes.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\hijackthis2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.absdiet.c...p?source=rodale
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vtutq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Winrar Compression Utility] WINRAR32.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Java] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\RunServices: [EUSU0] C:\DOCUME~1\Jessica\LOCALS~1\Temp\EUSU0.EXE
O4 - HKLM\..\RunServices: [PEET1] C:\DOCUME~1\Jessica\LOCALS~1\Temp\PEET1.EXE
O4 - HKLM\..\RunServices: [CIER2] C:\DOCUME~1\Jessica\LOCALS~1\Temp\CIER2.EXE
O4 - HKLM\..\RunServices: [JOAT0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\RunServices: [DVCK1] C:\DOCUME~1\Julian\LOCALS~1\Temp\DVCK1.EXE
O4 - HKLM\..\RunServices: [EEAS2] C:\DOCUME~1\Julian\LOCALS~1\Temp\EEAS2.EXE
O4 - HKLM\..\RunServices: [JLXP0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JLXP0.EXE
O4 - HKLM\..\RunServices: [LWNX1] C:\DOCUME~1\Julian\LOCALS~1\Temp\LWNX1.EXE
O4 - HKLM\..\RunServices: [FGCL2] C:\DOCUME~1\Julian\LOCALS~1\Temp\FGCL2.EXE
O4 - HKLM\..\RunServices: [LTRR0] C:\DOCUME~1\Julian\LOCALS~1\Temp\LTRR0.EXE
O4 - HKLM\..\RunServices: [QMQD1] C:\DOCUME~1\Julian\LOCALS~1\Temp\QMQD1.EXE
O4 - HKLM\..\RunServices: [BMDJ2] C:\DOCUME~1\Julian\LOCALS~1\Temp\BMDJ2.EXE
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [qkzi] C:\PROGRA~1\COMMON~1\qkzi\qkzim.exe
O4 - HKCU\..\RunOnce: [Winrar Compression Utility] WINRAR32.EXE
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers....UC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134411168407
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtutq - C:\WINDOWS\SYSTEM32\vtutq.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 December 2005 - 09:54 AM

wildviper,

Sorry for the delay, but we have been up to our ears in logs. You have a Vundo Infection amongst other things. I would like you to clean out all your temp files by doing this.

SHOW HIDDEN FILES AND FOLDERS

* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK

* Don't forget to reverse this once your computer is clean



* Clean out your TEMP FILES
* This procedure should be run from SAFEMODE for better results.

To Enter SAFEMODE

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

* Go to My Computer/ C: Drive/ Documents and Settings/ Local Settings/ Every User on this Computer
and delete all the contents of the Temp Folder

* Go to My Computer/ C:/ Windows/ Temp and delete all the contents of the Temp Folder

* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder.
But not the Prefetch folder itself.

NOW RE-BOOT NORMALLY


* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.

Now Empty your Recycle Bin


Now run HJT and post a new log please as your system may have changed and we will start working on the fix.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 wildviper

wildviper

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 29 December 2005 - 08:12 PM

I understand. Thank you for the help. Here is the new log file.


Logfile of HijackThis v1.99.1
Scan saved at 8:11:32 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\WINRAR32.EXE
C:\WINDOWS\itunes.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\hijackthis2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.absdiet.c...p?source=rodale
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vtutq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Winrar Compression Utility] WINRAR32.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Java] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\RunServices: [EUSU0] C:\DOCUME~1\Jessica\LOCALS~1\Temp\EUSU0.EXE
O4 - HKLM\..\RunServices: [PEET1] C:\DOCUME~1\Jessica\LOCALS~1\Temp\PEET1.EXE
O4 - HKLM\..\RunServices: [CIER2] C:\DOCUME~1\Jessica\LOCALS~1\Temp\CIER2.EXE
O4 - HKLM\..\RunServices: [JOAT0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\RunServices: [DVCK1] C:\DOCUME~1\Julian\LOCALS~1\Temp\DVCK1.EXE
O4 - HKLM\..\RunServices: [EEAS2] C:\DOCUME~1\Julian\LOCALS~1\Temp\EEAS2.EXE
O4 - HKLM\..\RunServices: [JLXP0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JLXP0.EXE
O4 - HKLM\..\RunServices: [LWNX1] C:\DOCUME~1\Julian\LOCALS~1\Temp\LWNX1.EXE
O4 - HKLM\..\RunServices: [FGCL2] C:\DOCUME~1\Julian\LOCALS~1\Temp\FGCL2.EXE
O4 - HKLM\..\RunServices: [LTRR0] C:\DOCUME~1\Julian\LOCALS~1\Temp\LTRR0.EXE
O4 - HKLM\..\RunServices: [QMQD1] C:\DOCUME~1\Julian\LOCALS~1\Temp\QMQD1.EXE
O4 - HKLM\..\RunServices: [BMDJ2] C:\DOCUME~1\Julian\LOCALS~1\Temp\BMDJ2.EXE
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [qkzi] C:\PROGRA~1\COMMON~1\qkzi\qkzim.exe
O4 - HKCU\..\RunOnce: [Winrar Compression Utility] WINRAR32.EXE
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://www.bardownlo.../cabs/movie.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers....UC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134411168407
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtutq - C:\WINDOWS\SYSTEM32\vtutq.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 30 December 2005 - 07:03 AM

Good Morning wildviper :D

Most of the fix will be in Safemode so you won't be able to access these instructions, so I suggest you print them out. Be sure to read over the instructions. If there is anything you don't understand, please post back and ask.


You have Ewido installed; check for updates but don't run it yet.

The first thing we are going to do is get rid of the Vundo Infection. The fix is not hard but it's important that you insert the two files that it will ask you for correctly. I would suggest that you copy these two files and save them in Notepad to your desktop so that you will have access to them while in Safemode, then you can just copy and paste the entire path to the file into the fix when it asks you for them. Please note that the second file is the same as the first file only backwards and includes .*

C:\WINDOWS\system32\vtutq.dll <--First file
C:\WINDOWS\system32\qtutv.* <-- Second File

Here we go......

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\vtutq.dll

  • Press Enter to continue with the fix.

  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\qtutv.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vtutq.dll
    O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe
    O4 - HKLM\..\RunServices: [EUSU0] C:\DOCUME~1\Jessica\LOCALS~1\Temp\EUSU0.EXE
    O4 - HKLM\..\RunServices: [PEET1] C:\DOCUME~1\Jessica\LOCALS~1\Temp\PEET1.EXE
    O4 - HKLM\..\RunServices: [CIER2] C:\DOCUME~1\Jessica\LOCALS~1\Temp\CIER2.EXE
    O4 - HKLM\..\RunServices: [JOAT0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
    O4 - HKLM\..\RunServices: [DVCK1] C:\DOCUME~1\Julian\LOCALS~1\Temp\DVCK1.EXE
    O4 - HKLM\..\RunServices: [EEAS2] C:\DOCUME~1\Julian\LOCALS~1\Temp\EEAS2.EXE
    O4 - HKLM\..\RunServices: [JLXP0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JLXP0.EXE
    O4 - HKLM\..\RunServices: [LWNX1] C:\DOCUME~1\Julian\LOCALS~1\Temp\LWNX1.EXE
    O4 - HKLM\..\RunServices: [FGCL2] C:\DOCUME~1\Julian\LOCALS~1\Temp\FGCL2.EXE
    O4 - HKLM\..\RunServices: [LTRR0] C:\DOCUME~1\Julian\LOCALS~1\Temp\LTRR0.EXE
    O4 - HKLM\..\RunServices: [QMQD1] C:\DOCUME~1\Julian\LOCALS~1\Temp\QMQD1.EXE
    O4 - HKLM\..\RunServices: [BMDJ2] C:\DOCUME~1\Julian\LOCALS~1\Temp\BMDJ2.EXE
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://www.bardownlo.../cabs/movie.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
    O20 - Winlogon Notify: vtutq - C:\WINDOWS\SYSTEM32\vtutq.dll
  • After you have fixed these items, close Hijackthis.

    Now while in Safemode, do this..
    SHOW HIDDEN FILES AND FOLDERS

    * Click on MY COMPUTER
    * Then on your C: Drive
    * Then to TOOLS/ FOLDER OPTIONS/ VIEW
    * Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
    * Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
    * Then APPLY/ OK

    * Don't forget to reverse this once your computer is clean

    Look for and delete the files I have marked in Red

    C:\WINDOWS\itunes.exe
    C:\WINDOWS\system32\vtutq.dll
    C:\WINDOWS\system32\qtutv.*

    Run Ewido in Safemode.
    Now open Ewido
    o Click on scanner.
    o Run a full system scan
    o Let the program scan the machine.
    o While the scan is in progress you will be prompted to clean files, click OK.
    o Select Perform action on all infections
    o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
    o Click Save report.
    o Save the report to your desktop.



    Reboot normally
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder and the report from Ewido into this topic.

Ken :D

 
 
Just a reminder that threads will be closed if no reply in 3 days.
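
The log patterns this fix acts on can be checked mechanically. The following is an added example, not part of the original posts and not code from HijackThis or VundoFix: it parses HijackThis result lines, reports any DLL registered both as a BHO (O2) and as a Winlogon Notify package (O20) together with the reversed-name companion path described above, and lists O4 autoruns that launch from a Temp directory. The function names are hypothetical, the sample lines are copied from the log posted in this thread, and a hit is a prompt for review, not a verdict.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vtutq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Java] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\RunServices: [EUSU0] C:\DOCUME~1\Jessica\LOCALS~1\Temp\EUSU0.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtutq - C:\WINDOWS\SYSTEM32\vtutq.dll
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Java] C:\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
# Registry autoruns: "<key>: [<value name>] <command>". Startup-folder
# entries ("Global Startup: x.lnk = path") do not match and are skipped.
AUTORUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A Temp directory anywhere in a lower-cased Windows path.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\")


def parse_entries(log_text):
    """Yield (section, body) for each result line; skip headers and blanks."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def executable_of(cmd):
    """Return the program path of an autorun command.

    Quoted commands lose their quotes and arguments. Unquoted commands are
    returned whole, because an unquoted path may itself contain spaces.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd


def reversed_companion(dll_path):
    """Build the 'same name backwards plus .*' path used in the fix above."""
    directory, filename = ntpath.split(dll_path)
    stem, _ext = ntpath.splitext(filename)
    return ntpath.join(directory, stem[::-1] + ".*")


def triage(log_text):
    """Return entries worth a closer look, grouped by heuristic."""
    bho, notify, temp_autoruns = {}, {}, []
    for section, body in parse_entries(log_text):
        if section in ("O2", "O20"):
            # The file path is the last " - " separated field on both kinds.
            path = body.rsplit(" - ", 1)[-1]
            if path.lower().endswith(".dll"):
                target = bho if section == "O2" else notify
                # normcase() lower-cases, so SYSTEM32 and system32 compare equal.
                target[ntpath.normcase(path)] = path
        elif section == "O4":
            m = AUTORUN_RE.match(body)
            if m and TEMP_DIR_RE.search(ntpath.normcase(m["cmd"])):
                temp_autoruns.append(
                    (m["key"], m["name"], executable_of(m["cmd"]))
                )
    both = [(bho[k], reversed_companion(bho[k])) for k in bho if k in notify]
    return {"dll_bho_and_notify": both, "temp_autoruns": temp_autoruns}


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for dll, companion in findings["dll_bho_and_notify"]:
        print("BHO + Winlogon Notify:", dll, "| companion:", companion)
    for key, name, exe in findings["temp_autoruns"]:
        print("Autorun from Temp:", key, "[" + name + "]", exe)
```

The legitimate igfxcui Notify entry is not reported because it appears only under O20, and the Startup-folder shortcut is outside what the O4 pattern here covers.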

#5 wildviper

wildviper

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 31 December 2005 - 01:50 AM

Ok, here are the results.
Active Scan

Incident Status Location

Virus:W32/Oscarbot.BN.worm Not disinfected Operating system
Adware:adware/delfinmedia Not disinfected C:\PROGRAM FILES\COMMON FILES\remove_tools.html
Adware:adware/sqwire Not disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload.dat
Adware:adware/sidesearch Not disinfected C:\WINDOWS\sepsd.bin
Adware:adware/ezula Not disinfected C:\WINDOWS\woinstall.exe
Adware:adware/midaddle Not disinfected C:\PROGRAM FILES\COMMON FILES\midaddle
Adware:adware/startpage.amb Not disinfected C:\Documents and Settings\Julian\Favorites\Insurance
Adware:adware/cws Not disinfected C:\Documents and Settings\Julian\Favorites\Technology
Adware:adware/qoologic Not disinfected Windows Registry
Possible Virus. Not disinfected C:\Documents and Settings\Jessica\1
Possible Virus. Not disinfected C:\Documents and Settings\Julian\1
Virus:Trj/Multidropper.AOY Not disinfected C:\maem.exe
Adware:Adware/DelFinMedia Not disinfected C:\Program Files\Common Files\remove_tools.html
Adware:Adware Program Not disinfected C:\Program Files\Hijack This\backups\backup-20040921-220650-222.inf
Possible Virus. Not disinfected C:\re.exe
Possible Virus. Not disinfected C:\rep.exe



Logfile of HijackThis v1.99.1
Scan saved at 1:44:18 AM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\itunes.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack This\hijackthis2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.absdiet.c...p?source=rodale
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vtutq.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Java] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\RunServices: [EUSU0] C:\DOCUME~1\Jessica\LOCALS~1\Temp\EUSU0.EXE
O4 - HKLM\..\RunServices: [PEET1] C:\DOCUME~1\Jessica\LOCALS~1\Temp\PEET1.EXE
O4 - HKLM\..\RunServices: [CIER2] C:\DOCUME~1\Jessica\LOCALS~1\Temp\CIER2.EXE
O4 - HKLM\..\RunServices: [JOAT0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\RunServices: [DVCK1] C:\DOCUME~1\Julian\LOCALS~1\Temp\DVCK1.EXE
O4 - HKLM\..\RunServices: [EEAS2] C:\DOCUME~1\Julian\LOCALS~1\Temp\EEAS2.EXE
O4 - HKLM\..\RunServices: [JLXP0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JLXP0.EXE
O4 - HKLM\..\RunServices: [LWNX1] C:\DOCUME~1\Julian\LOCALS~1\Temp\LWNX1.EXE
O4 - HKLM\..\RunServices: [FGCL2] C:\DOCUME~1\Julian\LOCALS~1\Temp\FGCL2.EXE
O4 - HKLM\..\RunServices: [LTRR0] C:\DOCUME~1\Julian\LOCALS~1\Temp\LTRR0.EXE
O4 - HKLM\..\RunServices: [QMQD1] C:\DOCUME~1\Julian\LOCALS~1\Temp\QMQD1.EXE
O4 - HKLM\..\RunServices: [BMDJ2] C:\DOCUME~1\Julian\LOCALS~1\Temp\BMDJ2.EXE
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [qkzi] C:\PROGRA~1\COMMON~1\qkzi\qkzim.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://www.bardownlo.../cabs/movie.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers....UC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134411168407
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtutq - vtutq.dll (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:09:54 PM, 12/30/2005
+ Report-Checksum: 7353B851

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
C:\Documents and Settings\Gina\mt-uninstaller.exe -> Spyware.PurityScan.u : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Jessica\Application Data\Mozilla\Fire

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 31 December 2005 - 06:48 AM

wildviper,

Run HJT Scan Only in Normal mode and remove these entries.


O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vtutq.dll
O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe
O4 - HKLM\..\RunServices: [EUSU0] C:\DOCUME~1\Jessica\LOCALS~1\Temp\EUSU0.EXE
O4 - HKLM\..\RunServices: [PEET1] C:\DOCUME~1\Jessica\LOCALS~1\Temp\PEET1.EXE
O4 - HKLM\..\RunServices: [CIER2] C:\DOCUME~1\Jessica\LOCALS~1\Temp\CIER2.EXE
O4 - HKLM\..\RunServices: [JOAT0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\RunServices: [DVCK1] C:\DOCUME~1\Julian\LOCALS~1\Temp\DVCK1.EXE
O4 - HKLM\..\RunServices: [EEAS2] C:\DOCUME~1\Julian\LOCALS~1\Temp\EEAS2.EXE
O4 - HKLM\..\RunServices: [JLXP0] C:\DOCUME~1\Julian\LOCALS~1\Temp\JLXP0.EXE
O4 - HKLM\..\RunServices: [LWNX1] C:\DOCUME~1\Julian\LOCALS~1\Temp\LWNX1.EXE
O4 - HKLM\..\RunServices: [FGCL2] C:\DOCUME~1\Julian\LOCALS~1\Temp\FGCL2.EXE
O4 - HKLM\..\RunServices: [LTRR0] C:\DOCUME~1\Julian\LOCALS~1\Temp\LTRR0.EXE
O4 - HKLM\..\RunServices: [QMQD1] C:\DOCUME~1\Julian\LOCALS~1\Temp\QMQD1.EXE
O4 - HKLM\..\RunServices: [BMDJ2] C:\DOCUME~1\Julian\LOCALS~1\Temp\BMDJ2.EXE
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) -
http://www.bardownlo.../cabs/movie.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) -
http://musicstore.co...ALStreaming.cab
O20 - Winlogon Notify: vtutq - C:\WINDOWS\SYSTEM32\vtutq.dll

Then reboot into Safe Mode and look for each one of the files that are on the above list to remove and delete them if found.

C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\qtutv.*
Plus all the files in the temp folders that are above

Next, download and install the trial of Spy Sweeper; make sure it is the 4.5 trial version and not the free online scan.

Download the trial version of Spy Sweeper from Here
Note: On that page, in the Spy Sweeper section, click the link for "Free Trial", NOT the link for "Free Spyware Scan".
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread, along with a new HJT log.

Ken

I will be off line until Monday so take your time.

 
 
 
 
Just a reminder that threads will be closed if no reply in 3 days.
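
The entries listed in the post above follow a few recurring patterns: autoruns launching from a Temp folder, an autorun with no directory at all, an unnamed BHO, and one DLL registered both as a BHO and as a Winlogon Notify handler. The following is an added example, not part of the original thread and not HijackThis's own logic: a small parser that reads HijackThis-style lines (including an entry wrapped after its trailing " -") and attaches those triage hints. The sample log, the flag names and the heuristics are assumptions made for this illustration; the flags are hints for a human reviewer, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis 1.99.x line format (not taken from a real machine).
# The O16 entry is wrapped onto a second line, as forum software often does.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\system32\abcde.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min
O4 - HKLM\..\RunServices: [QWRT0] C:\DOCUME~1\User\LOCALS~1\Temp\QWRT0.EXE
O4 - HKCU\..\Run: [Example Services Configuration] example32.exe
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Example Control) -
http://downloads.example.invalid/cabs/example.cab
O20 - Winlogon Notify: abcde - C:\WINDOWS\SYSTEM32\abcde.dll
"""

# "O4 - body", "R1 - body", ... (section letter plus number, then " - ")
ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d{1,2}) - (?P<body>.*)$")
# O4 registry autorun: "HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^\S+: \[[^\]]*\] (?P<cmd>.*)$")
# First token of a command line: a quoted path, or text up to an executable extension
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr|pif))(?=\s|$)', re.I)


@dataclass
class Entry:
    section: str
    body: str
    target: str = ""                      # file path or URL the entry points to
    flags: list = field(default_factory=list)


def parse(text):
    """Split a log into entries, re-joining a line wrapped after a dangling ' -'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["body"]))
        elif line and entries and entries[-1].body.endswith(" -"):
            entries[-1].body += " " + line
    return entries


def target_of(entry):
    """Return the file or URL an entry refers to."""
    if entry.section == "O4":
        m = O4_RE.match(entry.body)
        # Startup-folder entries use "name.lnk = path" instead of "[name] command"
        cmd = (m["cmd"] if m else entry.body.split(" = ", 1)[-1]).strip()
        exe = EXE_RE.match(cmd)
        return (exe.group(1) or exe.group(2)) if exe else cmd
    return entry.body.rsplit(" - ", 1)[-1].strip()


def triage(text):
    """Parse the log and attach review hints to each entry."""
    entries = parse(text)
    for e in entries:
        e.target = target_of(e)
    bho = {e.target.lower() for e in entries if e.section == "O2"}
    notify = {e.target.lower() for e in entries if e.section == "O20"}
    for e in entries:
        low = e.target.lower()
        if e.section == "O4" and "\\temp\\" in low:
            e.flags.append("runs-from-temp")        # autorun out of a Temp folder
        if e.section == "O4" and "\\" not in low and "/" not in low:
            e.flags.append("no-directory")          # resolved via the search path
        if e.section == "O2" and "(no name)" in e.body:
            e.flags.append("unnamed-bho")
        if low in bho & notify:
            e.flags.append("bho+winlogon-notify")   # same DLL hooked in two places
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4}{', '.join(e.flags) or '-':<36}{e.target}")
```
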

#7 wildviper

wildviper

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 10 January 2006 - 12:04 PM

Hey, I finally found the time to get to this. I have been very busy.
Here are the log files. Thanks again for the help.

2:29 AM: | Start of Session, Tuesday, January 10, 2006 |
2:29 AM: Spy Sweeper started
2:29 AM: Sweep initiated using definitions version 598
2:29 AM: Starting Memory Sweep
2:37 AM: Memory Sweep Complete, Elapsed Time: 00:08:13
2:37 AM: Starting Registry Sweep
2:37 AM: Found Adware: hotnow
2:37 AM: HKLM\software\pmx\ (1 subtraces) (ID = 127698)
2:38 AM: Found Adware: wild media - minigolf
2:38 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\wildapp.dll (ID = 135057)
2:38 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\minigolf_affiliate.exe (ID = 135058)
2:38 AM: HKLM\software\minigolf\ (ID = 135062)
2:38 AM: Found Adware: pinfo dialer
2:38 AM: HKU\.default\software\netscape\netscape navigator\user trusted external applications\ || c:\program files\pinfo\dialers\lisa\lisa.exe (ID = 136752)
2:38 AM: Found Adware: purityscan
2:38 AM: HKCR\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\ (8 subtraces) (ID = 137348)
2:38 AM: HKCR\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\ (8 subtraces) (ID = 137349)
2:38 AM: HKLM\software\classes\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\ (8 subtraces) (ID = 137678)
2:38 AM: HKLM\software\classes\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\ (8 subtraces) (ID = 137679)
2:38 AM: HKLM\software\classes\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\typelib\ (2 subtraces) (ID = 137680)
2:38 AM: HKLM\software\classes\typelib\{5530d356-0063-41b9-b20d-e9d799e8d907}\ (9 subtraces) (ID = 137687)
2:38 AM: HKCR\typelib\{5530d356-0063-41b9-b20d-e9d799e8d907}\ (9 subtraces) (ID = 139091)
2:38 AM: Found Adware: targetsaver
2:38 AM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
2:38 AM: Found Trojan Horse: trojan_backdoor_retro64
2:38 AM: HKCR\clsid\{288c5f13-7e52-4ada-a32e-f5bf9d125f98}\ (19 subtraces) (ID = 144993)
2:38 AM: HKCR\interface\{450b9e4d-4014-4de3-b34e-014a81468293}\ (8 subtraces) (ID = 144995)
2:38 AM: HKLM\software\classes\clsid\{288c5f13-7e52-4ada-a32e-f5bf9d125f98}\ (19 subtraces) (ID = 144998)
2:38 AM: HKLM\software\classes\interface\{450b9e4d-4014-4de3-b34e-014a81468293}\ (8 subtraces) (ID = 145000)
2:38 AM: HKLM\software\classes\typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7}\ (9 subtraces) (ID = 145003)
2:38 AM: HKCR\typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7}\ (9 subtraces) (ID = 145004)
2:38 AM: Found Adware: wildmedia
2:38 AM: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146695)
2:38 AM: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146709)
2:38 AM: Found Adware: clkoptimizer
2:38 AM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
2:38 AM: Found Adware: 2search
2:38 AM: HKCR\stoplite.stoplitectrl.1\ (3 subtraces) (ID = 832751)
2:38 AM: HKCR\clsid\{20048bb4-db68-11cf-9caf-00aa006cb425}\ (3 subtraces) (ID = 832777)
2:38 AM: HKCR\typelib\{20048bb0-db68-11cf-9caf-00aa006cb425}\ (9 subtraces) (ID = 832781)
2:38 AM: HKLM\software\classes\stoplite.stoplitectrl.1\ (3 subtraces) (ID = 832804)
2:38 AM: HKLM\software\classes\clsid\{20048bb4-db68-11cf-9caf-00aa006cb425}\ (3 subtraces) (ID = 832830)
2:38 AM: HKLM\software\classes\typelib\{20048bb0-db68-11cf-9caf-00aa006cb425}\ (9 subtraces) (ID = 832834)
2:38 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/access.ocx\ || {20048bb3-db68-11cf-9caf-00aa006cb425} (ID = 833175)
2:38 AM: HKLM\software\qstat\ || brr (ID = 877670)
2:38 AM: Found Adware: dollarrevenue
2:38 AM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
2:38 AM: HKLM\software\microsoft\windows\currentversion\uninstall\webnexus\ (2 subtraces) (ID = 1006191)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1006\software\pmx\ (13 subtraces) (ID = 127697)
2:38 AM: Found Adware: ie driver
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
2:38 AM: Found Adware: lopdotcom
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1006\software\microsoft\windows\currentversion\run\ || aida (ID = 130496)
2:38 AM: Found Adware: searchbar.html hijack
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1006\software\microsoft\internet explorer\main\ || search bar (ID = 140818)
2:38 AM: Found Adware: bho_sep
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1006\software\sep\ (9 subtraces) (ID = 141642)
2:38 AM: Found Adware: websearch toolbar
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1006\software\microsoft\internet explorer\urlsearchhooks\ || {87766247-311c-43b4-8499-3d5fec94a183} (ID = 146467)
2:38 AM: Found Adware: qsearch
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1006\software\program info\ (1 subtraces) (ID = 1028138)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\pmx\ (12 subtraces) (ID = 127697)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
2:38 AM: Found Adware: instant access
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 128845)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\microsoft\windows\currentversion\run\ || aida (ID = 130496)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\pinfo\ (22 subtraces) (ID = 136746)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\pinfo\dialers\lisa\ (19 subtraces) (ID = 136748)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\microsoft\internet explorer\main\ || search bar (ID = 140818)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\sep\ (9 subtraces) (ID = 141642)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\microsoft\internet explorer\urlsearchhooks\ || {87766247-311c-43b4-8499-3d5fec94a183} (ID = 146467)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\pinfo\dialers\ (21 subtraces) (ID = 397822)
2:38 AM: HKU\WRSS_Profile_S-1-5-21-1547161642-1078145449-839522115-1005\software\program info\ (1 subtraces) (ID = 1028138)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1004\software\pmx\ (2 subtraces) (ID = 127697)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1004\software\sep\ (9 subtraces) (ID = 141642)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1004\software\microsoft\internet explorer\main\ || updater2 (ID = 146720)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1004\software\program info\ (1 subtraces) (ID = 1028138)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1003\software\pmx\ (12 subtraces) (ID = 127697)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1003\software\microsoft\windows\currentversion\run\ || aida (ID = 130496)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1003\software\microsoft\internet explorer\main\ || search bar (ID = 140818)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1003\software\sep\ (9 subtraces) (ID = 141642)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1003\software\microsoft\internet explorer\urlsearchhooks\ || {87766247-311c-43b4-8499-3d5fec94a183} (ID = 146467)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1003\software\microsoft\internet explorer\main\ || updater (ID = 146721)
2:38 AM: HKU\S-1-5-21-1547161642-1078145449-839522115-1003\software\program info\ (1 subtraces) (ID = 1028138)
2:38 AM: Registry Sweep Complete, Elapsed Time:00:00:56
2:38 AM: Starting Cookie Sweep
2:38 AM: Found Spy Cookie: advertising cookie
2:38 AM: jessica@advertising[2].txt (ID = 2175)
2:38 AM: Found Spy Cookie: atlas dmt cookie
2:38 AM: jessica@atdmt[2].txt (ID = 2253)
2:38 AM: Found Spy Cookie: atwola cookie
2:38 AM: jessica@atwola[1].txt (ID = 2255)
2:38 AM: Found Spy Cookie: go.com cookie
2:38 AM: jessica@go[2].txt (ID = 2728)
2:38 AM: gina@advertising[2].txt (ID = 2175)
2:38 AM: gina@atwola[1].txt (ID = 2255)
2:38 AM: gina@go[1].txt (ID = 2728)
2:38 AM: julian@destinations.disney.go[1].txt (ID = 2729)
2:38 AM: julian@disney.go[2].txt (ID = 2729)
2:38 AM: julian@disneyworld.disney.go[1].txt (ID = 2729)
2:38 AM: julian@go[1].txt (ID = 2728)
2:38 AM: Found Spy Cookie: ic-live cookie
2:38 AM: julian@ic-live[2].txt (ID = 2821)
2:38 AM: julian@secure.disney.go[1].txt (ID = 2729)
2:38 AM: julian@wdw.reservations.disney.go[1].txt (ID = 2729)
2:38 AM: owner@advertising[2].txt (ID = 2175)
2:38 AM: owner@ar.atwola[2].txt (ID = 2256)
2:38 AM: owner@atwola[1].txt (ID = 2255)
2:38 AM: owner@go[1].txt (ID = 2728)
2:38 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
2:38 AM: Starting File Sweep
2:39 AM: c:\program files\common files\midaddle (ID = -2147480036)
2:39 AM: Found Adware: delfin
2:39 AM: c:\program files\common files\dpi (ID = -2147481129)
2:39 AM: c:\documents and settings\all users\application data\pcsvc (6 subtraces) (ID = -2147481135)
2:39 AM: c:\documents and settings\all users\application data\dpi (ID = -2147481137)
2:39 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs22e9389f-0c61-4163-a32c-a6ae1000fb90.tmp". The process cannot access the file because it is being used by another process
2:39 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8d26d91e-cef1-436b-a5fd-277cb3899ed7.tmp". The process cannot access the file because it is being used by another process
2:39 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs75c32f18-2a20-4910-87d8-9112e1e4066c.tmp". The process cannot access the file because it is being used by another process
2:40 AM: Warning: Failed to open file "c:\windows\system32\catroot2\tmp.edb". The process cannot access the file because it is being used by another process
2:40 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs50009283-b0fd-4845-90c6-e85335d25c55.tmp". The process cannot access the file because it is being used by another process
2:40 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfb1c7ffe-66ef-4e42-94c8-a6bdebe2a9fd.tmp". The process cannot access the file because it is being used by another process
2:41 AM: vocabulary (ID = 78283)
2:41 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb41ed343-92e4-4ba9-b5dc-d2e7917db148.tmp". The process cannot access the file because it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\$ntuninstallq814033$\$ntuninstallq811493$\spuninst\spuninst.inf". Access is denied
2:42 AM: tsuninst.exe (ID = 193501)
2:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsafb282c7-d42c-4ac8-99e2-d191009bbb28.tmp". The process cannot access the file because it is being used by another process
2:45 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc3481eaa-04b2-4865-b8b3-37018562914a.tmp". The process cannot access the file because it is being used by another process
2:45 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs33cad88b-f226-46bb-bb3e-3aeab0d847d6.tmp". The process cannot access the file because it is being used by another process
2:48 AM: Found Adware: ezula ilookup
2:48 AM: woinstall.exe (ID = 60688)
2:48 AM: Warning: Failed to open file "c:\windows\$ntuninstallq814033$\$ntuninstallq811493$\ntoskrnl.exe". Access is denied
2:49 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse0e06d5b-612c-4b89-8ec4-3b8eca3132d5.tmp". The process cannot access the file because it is being used by another process
2:51 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4bd8d618-eab8-4a18-8117-903054f7c1cf.tmp". The process cannot access the file because it is being used by another process
2:51 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse07327d3-3835-48d6-a7d5-4f847d8dac5b.tmp". The process cannot access the file because it is being used by another process
2:51 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf1e37746-47a4-4270-a64a-68f58eeb1a49.tmp". The process cannot access the file because it is being used by another process
2:52 AM: Warning: Failed to open file "c:\windows\$ntuninstallq814033$\$ntuninstallq811493$\spuninst\spuninst.exe". Access is denied
2:52 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0bbd44c9-db5c-4e8c-ba38-ace1fb43f7a5.tmp". The process cannot access the file because it is being used by another process
2:54 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs01b8a657-b5cc-4d43-a45c-c170bd934f6e.tmp". The process cannot access the file because it is being used by another process
2:55 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbc3e5edc-96f1-4862-b294-9ff82dd919b2.tmp". The process cannot access the file because it is being used by another process
2:57 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa51c3f25-82cb-44fb-8fb3-a465e62fbe3f.tmp". The process cannot access the file because it is being used by another process
2:57 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb744ed46-869a-4176-a25d-af7f90448d62.tmp". The process cannot access the file because it is being used by another process
2:57 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd94c9184-f57b-4bf7-b800-0d5bf4d819c9.tmp". The process cannot access the file because it is being used by another process
2:57 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1d0ecdaa-bfd6-479e-913b-ff2dfc1be99a.tmp". The process cannot access the file because it is being used by another process
2:58 AM: Warning: Failed to open file "c:\windows\$ntuninstallq814033$\$ntuninstallq811493$\ntkrnlpa.exe". Access is denied
2:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs423d87f9-9859-40bd-9f26-a3023e4baf0e.tmp". The process cannot access the file because it is being used by another process
3:01 AM: Warning: Failed to open file "c:\recycler\5-21-1547161642-1078145449-839522115-1004\info2". The system cannot find the path specified
3:02 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd8165518-5d0b-45bc-a767-6c1cee8d60de.tmp". The process cannot access the file because it is being used by another process
3:03 AM: Found Adware: hotsurprise
3:03 AM: hotsurprise.lnk (ID = 62516)
3:03 AM: nocreditcard.lnk (ID = 63899)
3:03 AM: hotsurprise.lnk (ID = 62516)
3:03 AM: nocreditcard.lnk (ID = 63899)
3:06 AM: Warning: Failed to open file "c:\windows\system32\catroot2\edb.log". The process cannot access the file because it is being used by another process
3:08 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs417a5db1-c898-43de-b1ce-114f7516f912.tmp". The process cannot access the file because it is being used by another process
3:09 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs91cabf16-f6ee-49fd-9986-13f7b7c16468.tmp". The process cannot access the file because it is being used by another process
3:09 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf0ec540a-efe6-45c6-8ec4-5b29ec744885.tmp". The process cannot access the file because it is being used by another process
3:11 AM: class-barrel (ID = 78229)
3:15 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaa00470d-197a-472e-a8a9-610e5e65d4e5.tmp". The process cannot access the file because it is being used by another process
3:16 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1074df1f-088f-4240-bf3a-c52f7beb6fde.tmp". The process cannot access the file because it is being used by another process
3:16 AM: remove_tools.html (ID = 57781)
3:19 AM: tmlpcert2005 (ID = 63918)
3:28 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa7f9679a-702f-4039-a6ee-3070920dbcd1.tmp". The process cannot access the file because it is being used by another process
3:28 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs132f33ae-5dcc-4a26-8c87-5ec4e2d036ba.tmp". The process cannot access the file because it is being used by another process
3:28 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscf4fdcd0-1420-4a20-aaf2-404f5ba8ef6c.tmp". The process cannot access the file because it is being used by another process
3:29 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc0c08d03-ebcf-4a77-9f63-39482dfa18e1.tmp". The process cannot access the file because it is being used by another process
3:29 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc95847cf-1b20-413a-8476-65826dd726db.tmp". The process cannot access the file because it is being used by another process
3:29 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscfcf87a0-b326-4553-b887-c79bbaf9ddab.tmp". The process cannot access the file because it is being used by another process
3:29 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2697bcdd-36ad-490a-94bf-785325909941.tmp". The process cannot access the file because it is being used by another process
3:29 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs390c47ce-203a-43e4-9703-10a7ab870e38.tmp". The process cannot access the file because it is being used by another process
3:29 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsde8dea72-9921-4035-8b35-eaab216fd1c2.tmp". The process cannot access the file because it is being used by another process
3:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs88e25f91-b9ca-43b4-83d3-7d76d59ecd1c.tmp". The process cannot access the file because it is being used by another process
3:34 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa45e8436-2448-4779-914b-a443170220ce.tmp". The process cannot access the file because it is being used by another process
3:34 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa1abcd82-0749-4528-a5aa-d93ee6b7c75e.tmp". The process cannot access the file because it is being used by another process
3:34 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3ba626d0-d685-4f97-bab6-683a283efe0f.tmp". The process cannot access the file because it is being used by another process
3:35 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9007e5ea-ca86-46c4-9c2b-68eab32dc421.tmp". The process cannot access the file because it is being used by another process
3:38 AM: backup-20040921-220650-222.inf (ID = 69911)
3:38 AM: sepsd.bin (ID = 75367)
3:38 AM: drsmartload.dat (ID = 198788)
3:38 AM: File Sweep Complete, Elapsed Time: 00:59:48
3:38 AM: Full Sweep has completed. Elapsed time 01:09:13
3:38 AM: Traces Found: 426
11:29 AM: Removal process initiated
11:29 AM: Quarantining All Traces: clkoptimizer
11:29 AM: Quarantining All Traces: ie driver
11:29 AM: Quarantining All Traces: lopdotcom
11:29 AM: Quarantining All Traces: purityscan
11:29 AM: Quarantining All Traces: qsearch
11:29 AM: Quarantining All Traces: websearch toolbar
11:29 AM: Quarantining All Traces: wildmedia
11:29 AM: Quarantining All Traces: 2search
11:29 AM: Quarantining All Traces: delfin
11:29 AM: Quarantining All Traces: hotsurprise
11:29 AM: Quarantining All Traces: trojan_backdoor_retro64
11:29 AM: Quarantining All Traces: bho_sep
11:29 AM: Quarantining All Traces: dollarrevenue
11:29 AM: Quarantining All Traces: ezula ilookup
11:29 AM: Quarantining All Traces: hotnow
11:29 AM: Quarantining All Traces: instant access
11:29 AM: Quarantining All Traces: pinfo dialer
11:29 AM: Quarantining All Traces: searchbar.html hijack
11:29 AM: Quarantining All Traces: targetsaver
11:30 AM: Quarantining All Traces: wild media - minigolf
11:30 AM: Quarantining All Traces: advertising cookie
11:30 AM: Quarantining All Traces: atlas dmt cookie
11:30 AM: Quarantining All Traces: atwola cookie
11:30 AM: Quarantining All Traces: go.com cookie
11:30 AM: Quarantining All Traces: ic-live cookie
11:30 AM: Removal process completed. Elapsed time 00:01:10
11:31 AM: Processing Startup Alerts
11:31 AM: Removed Startup entry: Gwt
11:31 AM: Processing Startup Alerts
11:31 AM: Removed Startup entry: Weather
11:59 AM: Processing Startup Alerts
11:59 AM: Allowed Startup entry: MSMSGS
11:59 AM: Processing Startup Alerts
11:59 AM: Processing Startup Alerts
11:59 AM: Allowed Startup entry: AIM
********
2:27 AM: | Start of Session, Tuesday, January 10, 2006 |
2:27 AM: Spy Sweeper started
2:28 AM: Your spyware definitions have been updated.
2:29 AM: | End of Session, Tuesday, January 10, 2006 |


Logfile of HijackThis v1.99.1
Scan saved at 12:00:47 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\itunes.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hijack This\hijackthis2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Java] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [qkzi] C:\PROGRA~1\COMMON~1\qkzi\qkzim.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers....UC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134411168407
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 ken545

Posted 10 January 2006 - 12:58 PM

wildviper,

We cleaned up a lot, but there are still some entries that need to go.

Run Ewido again, this time in Safemode, but first check for updates, then close out the program.

To Enter SAFEMODE

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, tap the F8 KEY somewhat rapidly; this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

Now Open and run Ewido.

Save the report and paste it into your next reply.


While in Safemode, open HJT Scan Only, close all windows and put a checkmark by these entries and click on Fix Checked.

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe


In Safemode, look for and delete the following files in Red if Still present.

C:\maem.exe
C:\rep.exe
C:\PROGRAM FILES\COMMON FILES\remove_tools.html
C:\WINDOWS\itunes.exe
C:\WINDOWS\woinstall.exe
C:\WINDOWS\SYSTEM32\tsuninst.exe





Please post a new Ewido report and a new HJT log.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.

#9 wildviper

Posted 10 January 2006 - 06:19 PM

One quick question. You keep asking me to remove the itunes.exe file. We use iTunes w/ iPods here; will that affect the music I already downloaded?

#10 ken545

Posted 10 January 2006 - 08:19 PM

wildviper,

There is a worm going around that disguises itself as iTunes. The program you have in
C:\Program Files\iTunes\iTunesHelper.exe is legit, so leave that alone.

If you look on your HJT log you will see these entries

These are legit
C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


These I am sure are bogus
C:\WINDOWS\itunes.exe
O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe


You can read about it here
http://infotech.indi...how/1175341.cms

What I would like you to do is upload and submit this file to these 3 websites for analysis

C:\WINDOWS\itunes.exe

http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustota...h/index_en.html

Post back with the results please.

Ken :D
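
The comparison made in this post (the genuine autorun lives under C:\Program Files\iTunes, while a same-named itunes.exe sits directly in C:\WINDOWS) can be applied mechanically to the O4 lines of a HijackThis log. This is an added example, not part of the original thread and not HijackThis code; the function names and the name-matching heuristic are assumptions, and a hit is only a lead for submitting the file to a scanner, not a verdict.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Excerpt of the O4 (autorun) lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Itunes] C:\WINDOWS\itunes.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
'''

# "O4 - HKLM\..\Run: [Name] command line"
O4_RUN = re.compile(r'^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[(.*?)\] (.+)$')
EXE_END = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def exe_path(command):
    """Return the executable part of an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):                 # quoted path, arguments follow the quote
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_END.match(command)                  # unquoted path, may contain spaces
    return m.group(1) if m else command.split()[0]


def parse_o4(log_text):
    """Parse registry Run entries (O4) into dicts; other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({'hive': hive, 'key': key, 'name': name,
                            'path': exe_path(command)})
    return entries


def in_program_files(path):
    return 'program files' in path.lower().split('\\')


def product_folders(path):
    """Folder names below 'Program Files' on the way to the executable."""
    parts = path.lower().split('\\')
    if 'program files' not in parts:
        return set()
    start = parts.index('program files') + 1
    return {p.replace(' ', '') for p in parts[start:-1]}


def find_masquerades(log_text):
    """Flag autoruns outside Program Files whose file name equals the name of a
    product folder that another autorun in the same log runs from."""
    entries = parse_o4(log_text)
    known = {}                                  # product folder -> example legit path
    for e in entries:
        for folder in product_folders(e['path']):
            known.setdefault(folder, e['path'])
    findings = []
    for e in entries:
        if in_program_files(e['path']):
            continue
        stem = splitext(basename(e['path']))[0].lower()
        if stem in known:
            findings.append({**e, 'resembles': known[stem]})
    return findings


if __name__ == '__main__':
    for f in find_masquerades(SAMPLE_LOG):
        print(f"REVIEW [{f['name']}] {f['path']}  (product also runs from {f['resembles']})")
```
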

 
 

#11 wildviper

Posted 11 January 2006 - 12:23 AM

Of course, you were right. Each site found at least this: itunes.exe - infected by Trojan.Win32.Pakes

Thank you, I will continue with your instructions.

#12 wildviper

Posted 11 January 2006 - 12:30 AM

I thought I would post one complete result of the itunes.exe file scan. Maybe it will help you help others.

This is a report processed by VirusTotal on 01/11/2006 at 07:25:53 (CET) after scanning the file "itunes.exe" file.

Antivirus       Version          Update       Result
AntiVir         6.33.0.77        01.10.2006   TR/Pakes.15
Avast           4.6.695.0        01.09.2006   Win32:Pakes-J
AVG             718              01.10.2006   Worm/Generic.L
Avira           6.33.0.77        01.10.2006   TR/Pakes.15
BitDefender     7.2              01.11.2006   Win32.Worm.Opanky.Y
CAT-QuickHeal   8.00             01.10.2006   (Suspicious) - DNAScan
ClamAV          devel-20051123   01.10.2006   no virus found
DrWeb           4.33             01.10.2006   Win32.HLLW.Baum
eTrust-Iris     7.1.194.0        01.10.2006   Win32/Trykid.213504!Worm
eTrust-Vet      12.4.1.0         01.11.2006   no virus found
Ewido           3.5              01.10.2006   no virus found
Fortinet        2.54.0.0         01.11.2006   W32/Megalo.A-net
F-Prot          3.16c            01.10.2006   security risk named W32/Backdoor.CMR
Ikarus          0.2.59.0         01.10.2006   Trojan.Win32.Pakes
Kaspersky       n ..a                         Trojan.Win32.Pakes
McAfee          4671             01.10.2006   W32/Opanki.worm
NOD32v2         1.1359           01.10.2006   Win32/Oscarbot.M
Norman          5.70.10          01.10.2006   W32/Pakes.DV
Panda           9.0.0.4          01.10.2006   W32/Oscarbot.BN.worm
Sophos          4.01.0           01.11.2006   W32/Oscabot-L
Symantec        8.0              01.11.2006   W32.Opanki.D
TheHacker       5.9.2.071        01.10.2006   Trojan/Pakes
UNA             1.83             01.10.2006   Trojan.Win32.Pakes
VBA32           3.10.5           01.10.2006   Trojan.Win32.Pakes

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

#13 ken545

Posted 11 January 2006 - 07:05 AM

Good morning,

Post one last HJT log for me to go over to be sure all is well. Then I will post some tips and free programs for you to install to help keep you more secure.

Ken :D

 
 

#14 wildviper

Posted 11 January 2006 - 10:52 AM

Here are the results of my last two scans.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:49:18 AM, 1/11/2006
+ Report-Checksum: 14EA8A03

+ Scan result:

:mozilla.7:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Gina\Application Data\Mozilla\Firefox\Profiles\91m1l20e.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Gina\Cookies\gina@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
-> : Error during cleaning
:mozilla.23:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
-> : Error during cleaning
:mozilla.33:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\jj4h9an3.gina's\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\l0jgvd6x.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c5xcc3y6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 9:52:17 AM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijack This\hijackthis2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Java] C:\DOCUME~1\Julian\LOCALS~1\Temp\JOAT0.EXE
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [qkzi] C:\PROGRA~1\COMMON~1\qkzi\qkzim.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers....UC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134411168407
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

THANK YOU for all the help.

#15 ken545


Posted 11 January 2006 - 11:51 AM

wildviper, It looks like all Ewido found was cookies :thumbup: It also looks like you ran HJT Scan and Save a Log file in Safe Mode; it's not giving me the whole picture. Just run HJT again in normal mode and let me make sure you're ok. If at this point you feel that your system is running ok, let me know. Ken :D
