WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Spy Axe - Help!

Started by aman , Dec 03 2005 10:58 PM

This topic is locked

12 replies to this topic

#1 aman

New Member

New Member
8 posts

Posted 03 December 2005 - 10:58 PM

hey,
iv started to get pop-ups saying my computer is infected and to fix the problem, i should go to this website. once i click on the website, it directs me to something called 'spy-axe', which seems fake. i continuously get boxes appearing asking me to install this software, which seems to be the source of the problem. iv tried running a couple of virus ans trojan scans. even though they say that they have identified the problem, i keep getting the pop-ups.
i ran the scan that this website provided, and was wondering if you could help me in telling me what to get rid of and what not to. the log is provided below:

Logfile of HijackThis v1.99.1
Scan saved at 3:49:29 PM, on 12/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anil Saxena\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hp6493.tmp
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\RunServices: [MOJNPluginSrIvcs] neomonap23.exe
O4 - HKLM\..\RunServices: [HELLBOT TEST] 1hellbot.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100747167423
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...406/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C913C4E-C554-453C-8DC0-8E635AC5D0E0}: NameServer = 10.1.1.1,4.2.2.2
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

im not so great with computers, but ur help would be appreciated
thanks,
aman

Edited by aman, 03 December 2005 - 11:00 PM.

Advertisements

Register to Remove

#2 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 04 December 2005 - 11:25 AM

Please download SpyAxeFix from here.
http://noahdfear.gee...m/SpyAxeFix.exe

Save it to your desktop. Close all other programs and windows. Double click SpyAxeFix.exe, then click Start to extract the tool to it's own folder. Open the SpyAxeFix folder and double click the SpyAxeFix.bat to start the tool. At one point when the tool runs, your taskbar will disappear, and your computer will restart when the tool completes. Two text files will be created in the SpyAxeFix folder. Post the contents of both. Also a new hijackthis log please.

#3 aman

New Member

New Member
8 posts

Posted 04 December 2005 - 07:12 PM

when i try to open the bat file, a box appears telling me 'windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item'. im not sure what to do

#4 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 04 December 2005 - 09:09 PM

* Go to the C:\Program Files\SpyAxe folder and doubleclick the uninstall.exe
file and let it run.

* Click here to download http://noahdfear.gee.../click.php?id=1
.
* Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

*Download Cleanup from Here

http://www.stevengou...p/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET

* Download the trial version of Ewido Security Suite.

http://www.ewido.net/en/

* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.

* Click here for info on how to boot to safe mode if you don't already know how.

http://service1.syma...src=sec_doc_nam

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

* Run Ewido:

* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

* Run Cleanup:

* Click on the "Cleanup" button and let it run.
* Once its done, close the program.

* Go to Control Panel > Internet Options. Click on the Programs tab then
click the "Reset Web Settings" button. Click Apply then OK.

* Next go to Control Panel > Display. Click on the "Desktop" tab then click
the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you
should see an entry checked called something like "Security info" or similar.
If it is there, select that entry and click the "Delete" button. Click OK
then Apply and OK.

* Restart back into Windows normally now.

Run an online antivirus check from

http://www.kaspersky.com/virusscanner

* Run ActiveScan online virus scan here

http://www.pandasoft.../activescan.htm

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

post another hijack this log, the ewido and active scan logs

#5 aman

New Member

New Member
8 posts

Posted 06 December 2005 - 07:45 AM

i followed the instructions you gave me. the new hijack this log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 12:41:12 AM, on 12/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Anil Saxena\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hpB870.tmp (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\RunServices: [MOJNPluginSrIvcs] neomonap23.exe
O4 - HKLM\..\RunServices: [HELLBOT TEST] 1hellbot.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100747167423
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...406/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C913C4E-C554-453C-8DC0-8E635AC5D0E0}: NameServer = 10.1.1.1,4.2.2.2
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

the log from the ewido scan report is:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:55:50 PM, 12/6/2005
+ Report-Checksum: DC6E4A93

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\salm -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1229272821-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1229272821-1708537768-854245398-1003\Software\salm -> Spyware.180Solutions : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Addcontrol : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.471:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.509:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.516:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.518:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\1en113z4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mo

#6 aman

New Member

New Member
8 posts

Posted 06 December 2005 - 07:48 AM

i dont think the complete pandascan report was posted. it is as follows: Incident Status Location Adware:Adware/SpyAxe Not desinfected C:\WINDOWS\System32\svchosts.dll Adware:adware/spyaxe Not desinfected C:\WINDOWS\SYSTEM32\svchosts.dll Adware:adware/securityerror Not desinfected C:\Documents and Settings\Anil Saxena\Favorites\Take It Here - Daily Updated Porn Links.url Adware:adware/dyfuca Not desinfected Windows Registry Virus:Exploit/ByteVerify Disinfected C:\RECYCLER\S-1-5-21-1229272821-1708537768-854245398-1003\Dc1.zip[GetAccess.class] Virus:Exploit/ByteVerify Disinfected C:\RECYCLER\S-1-5-21-1229272821-1708537768-854245398-1003\Dc1.zip[InsecureClassLoader.class] Virus:Exploit/ByteVerify Disinfected C:\RECYCLER\S-1-5-21-1229272821-1708537768-854245398-1003\Dc1.zip[Dummy.class] Virus:Exploit/ByteVerify Disinfected C:\RECYCLER\S-1-5-21-1229272821-1708537768-854245398-1003\Dc1.zip[Installer.class] Virus:W32/Bagle.BC.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Re: T\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Re: T\Joke.zlq Virus:W32/Bagle.BC.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Re: H\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Re: H\price.zl9 Virus:W32/Bagle.BC.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Re:\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Re:\price.zlq Virus:W32/Bagle.BC.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Re: T\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Re: T\price.zlq Virus:W32/Mywife.D.worm Disinfected Personal Folders\Quarantine\windystrings\Nokia_6600zip.z[PaltlkRoom.wav_________________________________________________________.scr] Virus:W32/Bagle.BK.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\zupd02.cpl Virus:W32/Bagle.BL.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\upd02.scr Virus:W32/Bagle.BL.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\zupd02.com Virus:W32/Bagle.BK.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Regis\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Regis\siupd02.cpl Virus:W32/Bagle.BL.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\Jol03.exe Virus:W32/Bagle.BK.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\Potentially unwanted message body detected, entire message has been moved to quarantine folder~Deliv\guupd02.cpl Virus:Trj/Mitglieder.BO Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~\Potentially unwanted message body detected, entire message has been moved to quarantine folder~\08_price.zip[doc_01.exe] Virus:Trj/Mitglieder.BO Not desinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~\Potentially unwanted message body detected, entire message has been moved to quarantine folder~\345556.rar[dddd.exe] Virus:W32/Bagle.EC.worm Disinfected Personal Folders\Quarantine\Potentially unwanted message body detected, entire message has been moved to quarantine folder~\Potentially unwanted message body detected, entire message has been moved to quarantine folder~\Work and taxes.zip[Taxes.exe] Virus:W32/Sober.AH.worm Disinfected Personal Folders\Quarantine\Paris_Hilton_&_Nicole_Richie\downloadm.zip[File-packed_dataInfo.exe] Adware:Adware/SpyAxe Not desinfected C:\WINDOWS\system32\svchosts.dll im not really sure where to go from here. thanks for all of your help.

#7 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 06 December 2005 - 10:56 PM

Please do a can at the link below and post the log.

http://www.kaspersky...kavwebscan.html

#8 aman

New Member

New Member
8 posts

Posted 07 December 2005 - 09:08 PM

the log from the kaspersky scan is as follows: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Tuesday, December 06, 2005 14:18:45 Operating System: Microsoft Windows XP Professional, (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 6/12/2005 Kaspersky Anti-Virus database records: 153617 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ G:\ H:\ Scan Statistics: Total number of scanned objects: 52894 Number of viruses found: 16 Number of infected objects: 44 Number of suspicious objects: 0 Duration of the scan process: 3679 sec Infected Object Name - Virus Name C:\Documents and Settings\Anil Saxena\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26db70e-3c8a28e1.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c C:\Documents and Settings\Anil Saxena\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26db70e-3c8a28e1.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify C:\Documents and Settings\Anil Saxena\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26db70e-3c8a28e1.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a C:\Documents and Settings\Anil Saxena\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26db70e-3c8a28e1.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v C:\Documents and Settings\Anil Saxena\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26db70e-3c8a28e1.zip Infected: Trojan-Downloader.Java.OpenConnection.v C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/17 Nov 2004 22:46 from Fulcrum:Potentially unwanted message body/Joke.zlq Infected: Email-Worm.Win32.Bagle.at C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/18 Nov 2004 20:39 from Fulcrum:Potentially unwanted message body/price.zl9 Infected: Email-Worm.Win32.Bagle.at C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/19 Nov 2004 04:24 from Fulcrum:Potentially unwanted message body/price.zlq Infected: Email-Worm.Win32.Bagle.at C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/19 Nov 2004 22:10 from Fulcrum:Potentially unwanted message body/price.zlq Infected: Email-Worm.Win32.Bagle.at C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/28 Nov 2004 12:54 from Sweet Women:windystrings/Nokia_6600zip.z/PaltlkRoom.wav_________________________________________________________.scr Infected: Email-Worm.Win32.Nyxem.c C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/28 Nov 2004 12:54 from Sweet Women:windystrings/Nokia_6600zip.z Infected: Email-Worm.Win32.Nyxem.c C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/29 Dec 2004 11:53 from Error_Mail@amazon.com:Potentially unwante/auto__mail.amazon6139.com Infected: Email-Worm.Win32.Sober.i C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/27 Jan 2005 21:32 from Jamilsarraf:Potentially unwanted message /zupd02.cpl Infected: Email-Worm.Win32.Bagle.at C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/29 Jan 2005 00:20 from Jamilsarraf:Potentially unwanted message /upd02.scr Infected: Email-Worm.Win32.Bagle.ba C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/01 Feb 2005 20:41 from Jamilsarraf:Potentially unwanted message /zupd02.com Infected: Email-Worm.Win32.Bagle.ba C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/02 Feb 2005 01:38 from Jamilsarraf:Potentially unwanted message /siupd02.cpl Infected: Email-Worm.Win32.Bagle.at C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/02 Feb 2005 02:09 from Jamilsarraf:Potentially unwanted message /Jol03.exe Infected: Email-Worm.Win32.Bagle.ba C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/02 Feb 2005 03:32 from Jamilsarraf:Potentially unwanted message /guupd02.cpl Infected: Email-Worm.Win32.Bagle.at C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/01 Mar 2005 04:28 from Asaxena:Potentially unwanted message body/08_price.zip/Loader/doc_01.exe Infected: Email-Worm.Win32.Bagle.bb C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/01 Mar 2005 04:28 from Asaxena:Potentially unwanted message body/08_price.zip Infected: Email-Worm.Win32.Bagle.bb C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/04 Mar 2005 19:20 from Asaxena:Potentially unwanted message body/345556.rar/dddd.exe Infected: Email-Worm.Win32.Bagle.pac C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/04 Mar 2005 19:20 from Asaxena:Potentially unwanted message body/345556.rar Infected: Email-Worm.Win32.Bagle.pac C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/12 Aug 2005 23:18 from Asaxena:Potentially unwanted message body/Work and taxes.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.cl C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/12 Aug 2005 23:18 from Asaxena:Potentially unwanted message body/Work and taxes.zip Infected: Email-Worm.Win32.Bagle.cl C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/01 Oct 2005 13:11 from eBay Inc:Potentially unwanted message bod.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/07 Oct 2005 09:17 from eBay Inc:Potentially unwanted message bod.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/20 Oct 2005 03:24 from eBay Inc:Potentially unwanted message bod.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/01 Nov 2005 02:36 from eBay:Potentially unwanted message body de.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/28 Nov 2005 09:29 from info@netvigator.com:Paris_Hilton_&_Nicole/downloadm.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Quarantine/28 Nov 2005 09:29 from info@netvigator.com:Paris_Hilton_&_Nicole/downloadm.zip Infected: Email-Worm.Win32.Sober.y C:\Documents and Settings\Anil Saxena\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Sober.y C:\My Shared Folder\kmd151.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y C:\My Shared Folder\kmd151.exe/data0027 Infected: Trojan.Win32.Krepper.y C:\My Shared Folder\kmd151.exe Infected: Trojan.Win32.Krepper.y C:\My Shared Folder\kmd15_en.exe/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y C:\My Shared Folder\kmd15_en.exe/data0030 Infected: Trojan.Win32.Krepper.y C:\My Shared Folder\kmd15_en.exe Infected: Trojan.Win32.Krepper.y C:\My Shared Folder\kmd160_en.exe/data0031/bdeviewer.exe Infected: Trojan.Win32.Krepper.y C:\My Shared Folder\kmd160_en.exe/data0031 Infected: Trojan.Win32.Krepper.y C:\My Shared Folder\kmd160_en.exe Infected: Trojan.Win32.Krepper.y C:\quarantine\count1.jar-184554b2-72c928a3.zip/Beyond.class Infected: Trojan.Java.Needy.c C:\quarantine\count1.jar-184554b2-72c928a3.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.s C:\quarantine\count1.jar-184554b2-72c928a3.zip/VerifierBug.class Infected: Trojan.Java.Needy.c C:\quarantine\count1.jar-184554b2-72c928a3.zip Infected: Trojan.Java.Needy.c Scan process completed.

#9 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 07 December 2005 - 09:19 PM

New hijackthis log please.

#10 aman

New Member

New Member
8 posts

Posted 08 December 2005 - 05:14 PM

the new hijack this log is:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:35 AM, on 12/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anil Saxena\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hpB870.tmp (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\RunServices: [MOJNPluginSrIvcs] neomonap23.exe
O4 - HKLM\..\RunServices: [HELLBOT TEST] 1hellbot.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100747167423
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...406/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C913C4E-C554-453C-8DC0-8E635AC5D0E0}: NameServer = 10.1.1.1,4.2.2.2
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#11 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 08 December 2005 - 05:56 PM

Download smitRem.exe©noahdfear and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:
===================================================

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hpB870.tmp (file missing)

O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\RunServices: [MOJNPluginSrIvcs] neomonap23.exe
O4 - HKLM\..\RunServices: [HELLBOT TEST] 1hellbot.exe

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll

O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)

===================================================

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:

Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.
You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop

Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

#12 aman

New Member

New Member
8 posts

Posted 10 December 2005 - 08:52 PM

the new hijack this is:

Logfile of HijackThis v1.99.1
Scan saved at 1:47:34 PM, on 12/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anil Saxena\Desktop\HijackThis.exe

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100747167423
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...406/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C913C4E-C554-453C-8DC0-8E635AC5D0E0}: NameServer = 10.1.1.1,4.2.2.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

the contents of the smitfiles are as follows:

smitRem © log file
version 2.7

by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 12/11/2005
The current time is: 11:30:53.29

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN!

the ewido log is as follows:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:37:26 PM, 12/11/2005
+ Report-Checksum: 993B2DA8

+ Scan result:

[724] C:\WINDOWS\System32\svchosts.dll -> Not-A-Virus.Downloader.Win32.Spax.a : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Anil Saxena\Application Data\Mozilla\Firefox\Profiles\jesrxjb9.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\SpyAxe\SpyAxe.exe -> Adware.Spyaxe : Cleaned with backup
C:\WINDOWS\system32\svchosts.dll -> Not-A-Virus.Downloader.Win32.Spax.a : Cleaned with backup

::Report End

the computer seems to be ok. if you could go through the scans and let me know is the virus is gone...it would be great.
thanks!!

#13 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 10 December 2005 - 10:04 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Body Background

skin color theme