Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

schickman

35 Posts

1417

September 17th, 2006 13:00

Help, I'm infested! Hijack this log included...

I'm in bad shape, with browser redirects to fake google pages,
bogus toolbar added into IE, etc. etc. - please check out this
hijack this logfile and let me know what to do!
Thank you,
Bill schickman

Logfile of HijackThis v1.99.1
Scan saved at 10:56:20 AM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - {1BE1565F-A7F2-E1FD-9445-67873E6EAE36} - AppMasterCenter.dll (file missing)
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.harmony-central.com/"); (C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [forces_elite] WTFCTF.exe
O4 - HKLM\..\Run: [XTermInit] WTFCTF.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [cnftips] lpt.exe
O4 - HKCU\..\Run: [sound64] xxtoolbar.exe
O4 - HKCU\..\Run: [driver32] AliceSD.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Sprint DSL virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0967F88A-DDCD-481C-A70C-E55960F59B6C}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BA2FF97-6C8E-4459-93BE-410ABF3704F5}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{0967F88A-DDCD-481C-A70C-E55960F59B6C}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\..\{0967F88A-DDCD-481C-A70C-E55960F59B6C}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Shaba_FIN

273 Posts

September 18th, 2006 14:00

Hi schickman

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

  • Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer; please do so.
  • Your system may take longer than usual to load; this is normal.


Open HijackThis, click do a system scan only and checkmark these:

O4 - HKLM\..\Run: [forces_elite] WTFCTF.exe
O4 - HKLM\..\Run: [XTermInit] WTFCTF.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [cnftips] lpt.exe
O4 - HKCU\..\Run: [sound64] xxtoolbar.exe
O4 - HKCU\..\Run: [driver32] AliceSD.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0967F88A-DDCD-481C-A70C-E55960F59B6C}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BA2FF97-6C8E-4459-93BE-410ABF3704F5}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{0967F88A-DDCD-481C-A70C-E55960F59B6C}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\..\{0967F88A-DDCD-481C-A70C-E55960F59B6C}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158

Close all windows including browser and press fix checked.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
      Note: If the Update now option is grayed out, follow the steps below.
      • Click on Update on the toolbar.
      • Under Manual update, click on the Start Update button.
      • Wait until you see the Update succesfull message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

Please download ATF Cleaner by Atribune and save
it to desktop. Don't use it yet.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Delete if present:

C:\Program Files\KillAndClean

Please do a search:
"Run "Start">"Search">"All Files and Folders"> enter WTFCTF.exe in "All or part of file name". Select "More advanced options". Check-mark "Search System Folders", "Search hidden files and folders", and "Search subfolders". Click "Search". Right click the file and select delete.

Empty Recycle Bin.

NOTE: That file may not exist at all! If it doesn't, just skip the step above.

Repeat step for these files:

lpt.exe
xxtoolbar.exe
AliceSD.exe

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)

  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Please post:
  • c:\fixwareout\report.txt
  • Ewido log
  • A new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.

Message Edited by Shaba_FIN on 09-18-2006 10:37 AM

schickman

35 Posts

September 19th, 2006 10:00

Part 3 -

:mozilla.17:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\yikesjbn@earthlink.net\Cookies\bill@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Program Files\PestPatrol\Quarantine\20060610095509625.zip/documents and settings/mary/cookies/mary@questionmarket[1].txt -> TrackingCookie.Questionmarket : Error during cleaning.
:mozilla.116:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

schickman

35 Posts

September 19th, 2006 10:00

Hi Shaba_fin, here's the fixwareout report:


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32
{3954CE66-8217-4476-AF31-C244F096C57C}.exe

schickman

35 Posts

September 19th, 2006 10:00

Part 4 -

:mozilla.148:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Elizabeth\Cookies\elizabeth@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\muddytele@earthlink.net\Cookies\mary@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

schickman

35 Posts

September 19th, 2006 10:00

Part 2 -
C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip/documents and settings/mary/cookies/mary@z1.adserver[1].txt -> TrackingCookie.Adserver : Error during cleaning.
:mozilla.10:C:\Documents and Settings\Mary\Application Data\Netscape\NSB\Profiles\3wlvty38.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Mary\Application Data\Netscape\NSB\Profiles\3wlvty38.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Mary\Application Data\Netscape\NSB\Profiles\3wlvty38.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\yikesjbn@earthlink.net\Cookies\bill@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\PestPatrol\Quarantine\20060528232313859.zip/documents and settings/mary/cookies/bill@advertising[1].txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.48:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\yikesjbn@earthlink.net\Cookies\bill@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Elizabeth\Cookies\elizabeth@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\muddytele@earthlink.net\Cookies\mary@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Counted : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Mary\Application Data\Netscape\NSB\Profiles\3wlvty38.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\yikesjbn@earthlink.net\Cookies\bill@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Elizabeth\Cookies\elizabeth@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\PestPatrol\Quarantine\20060912221941968.zip/documents and settings/mary/cookies/mary@doubleclick[1].txt -> TrackingCookie.Doubleclick : Error during cleaning.
:mozilla.51:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Elizabeth\Cookies\elizabeth@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Elizabeth\Cookies\elizabeth@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.232:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.306:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.307:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.308:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Elizabeth\Cookies\elizabeth@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).

schickman

35 Posts

September 19th, 2006 10:00

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:07:01 AM 9/19/2006

+ Scan result:



C:\Program Files\Microsoft AntiSpyware\Quarantine\B2DB576E-90CE-471C-98FA-492CD2\FC53CE02-264F-4F70-BE37-95CA5C -> Adware.Background : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\c35b7s.dll/bi.dll -> Adware.BiSpy : Error during cleaning.
C:\WINDOWS\SYSTEM32\c35b7s.dll/biprep.exe -> Adware.BiSpy : Error during cleaning.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP895\A0186042.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP910\A0187448.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP895\A0186041.exe -> Adware.Msnagent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP910\A0187447.exe -> Adware.Msnagent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP821\A0172721.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP910\A0187449.dll -> Adware.SBSoft : Cleaned with backup (quarantined).
C:\WINDOWS\od-matr110.exe -> Dialer.WebDialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187396.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187422.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187432.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP910\A0187456.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\cslfs.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\cszkw.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\{C721755D-F699-4AC3-9C7A-C2084A293D06}.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\ms32.sys -> Downloader.Small : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3136207814-2154702590-596957751-1008\Dc6.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP895\A0186038.exe -> Hijacker.Small.kg : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Mary\Application Data\Netscape\NSB\Profiles\3wlvty38.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Mary\Application Data\Netscape\NSB\Profiles\3wlvty38.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\yikesjbn@earthlink.net\Cookies\bill@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Elizabeth\Cookies\elizabeth@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.296:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.297:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).

schickman

35 Posts

September 19th, 2006 10:00

New Hijack This log:

C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\muddytele@earthlink.net\Cookies\mary@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\muddytele@earthlink.net\Cookies\mary@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187407.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187408.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP895\A0186040.exe -> Trojan.Hoster : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\{9F6ACD20-2B48-405D-A434-9859BCEF1ADD}.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmeow.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmjje.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187402.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187427.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187442.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP910\A0187467.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmpvl.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\{F910ADB2-9E7C-417B-80F0-577FECB9ADB5}.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Application Data\Qualcomm\Eudora\attach\5.zip/09_05_2005.exe -> Worm.Bagle.bo : Error during cleaning.


::Report end



Thank you!

Bill schickman

schickman

35 Posts

September 19th, 2006 10:00

Final Part (5) -

C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\muddytele@earthlink.net\Cookies\mary@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\muddytele@earthlink.net\Cookies\mary@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\gv3xa87w.Julia\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\7bww8id5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\qhhm01l6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Julia\Cookies\julia@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187407.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187408.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP895\A0186040.exe -> Trojan.Hoster : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\{9F6ACD20-2B48-405D-A434-9859BCEF1ADD}.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmeow.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmjje.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187402.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187427.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0187442.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP910\A0187467.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmpvl.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\{F910ADB2-9E7C-417B-80F0-577FECB9ADB5}.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary\Application Data\Qualcomm\Eudora\attach\5.zip/09_05_2005.exe -> Worm.Bagle.bo : Error during cleaning.


::Report end

Shaba_FIN

273 Posts

September 19th, 2006 13:00

Hi

Please send a fresh HijackThis log :)

schickman

35 Posts

September 20th, 2006 00:00

Hi Shaba - here's a new hijackthis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 9:51:14 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
N4 - Mozilla: user_pref("browser.startup.homepage", " http://www.harmony-central.com/"); (C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Sprint DSL virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
 

Shaba_FIN

273 Posts

September 20th, 2006 05:00

Hi
 
Delete these:
 
C:\WINDOWS\SYSTEM32\c35b7s.dll
C:\Documents and Settings\Mary\Application Data\Qualcomm\Eudora\attach\5.zip
 
Empty Recycle Bin.
 

Please run this online scan:

Panda ActiveScan

  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.



Post the contents of the Panda scan report, along with a new HijackThis Log

schickman

35 Posts

September 21st, 2006 02:00

Activescan part 2


Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Elizabeth\Cookies\elizabeth@target[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Julia\Application Data\Mozilla\Firefox\Profiles\rt5xfmfg.emergency\cookies.txt[.realmedia.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julia\Application Data\Netscape\NSB\Profiles\x91q93gq.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Julia\Cookies\julia@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Julia\Cookies\julia@azjmp[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Julia\Cookies\julia@go[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Julia\Cookies\julia@realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mary\Cookies\bill@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mary\Cookies\bill@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mary\Cookies\bill@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mary\Cookies\bill@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mary\Cookies\bill@mediaplex[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mary\Cookies\mary@2o7[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mary\Cookies\mary@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mary\Cookies\mary@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mary\Cookies\mary@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mary\Cookies\mary@mediaplex[1].txt
Adware:Adware/Comet Not disinfected C:\Program Files\Acoustica CD Label Maker\fileutil.dll
Virus:Eicar.Mod Renamed C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030625.019\hh[pocketpcdefs1.zip]
Virus:Eicar.Mod Renamed C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030625.019\hh[pocketpcdefs1.zip][savce.def]
Virus:Eicar.Mod Not disinfected C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060528111930265.zip[documents and settings/mary/cookies/mary@2o7[2].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060528111930265.zip[documents and settings/mary/cookies/bill@2o7[2].txt]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20060528111930265.zip[documents and settings/mary/cookies/bill@advertising[1].txt]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20060528232313859.zip[documents and settings/mary/cookies/bill@advertising[1].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060528232313859.zip[documents and settings/mary/cookies/bill@2o7[2].txt]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\PestPatrol\Quarantine\20060610095509625.zip[documents and settings/mary/cookies/mary@questionmarket[1].txt]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\PestPatrol\Quarantine\20060610095509625.zip[documents and settings/mary/cookies/bill@questionmarket[2].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060610095509625.zip[documents and settings/mary/cookies/mary@2o7[1].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060610095509625.zip[documents and settings/mary/cookies/bill@2o7[2].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060708094153375.zip[documents and settings/mary/cookies/mary@2o7[2].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060708094153375.zip[documents and settings/mary/cookies/bill@2o7[1].txt]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\PestPatrol\Quarantine\20060708094153375.zip[documents and settings/mary/cookies/bill@questionmarket[2].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060716184637484.zip[documents and settings/mary/cookies/mary@2o7[2].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060716184637484.zip[documents and settings/mary/cookies/bill@2o7[1].txt]

schickman

35 Posts

September 21st, 2006 02:00

New hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:10:20 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.harmony-central.com/"); (C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Sprint DSL virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

schickman

35 Posts

September 21st, 2006 02:00

panda activescan output - 1:


Incident Status Location

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\muddytele@earthlink.net\Cookies\mary@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\muddytele@earthlink.net\Cookies\mary@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Bill\Application Data\Earthlink\6.0\muddytele@earthlink.net\Cookies\mary@i.screensavers[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\khn28r0v.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt[.fortunecity.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt[.kinghost.com/]
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\cookies.txt[.linkexchange.ru/]
Virus:W32/Netsky.C.worm Disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\Mail\208.37.68.35\Inbox[~0000099.~][~0000000.~][information.zip][information.rtf.pif]
Virus:W32/Mydoom.F.worm Disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\Mail\208.37.68.35\Inbox[~0000160.~][~0000000.~][photo.zip][photo.scr]
Virus:W32/Mydoom.F.worm Disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\Mail\208.37.68.35\Inbox[~0000168.~][~0000000.~][me.zip][me.jpg
Virus:W32/Netsky.C.worm Disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Profiles\default\tt844gsh.slt\Mail\208.37.68.35\Inbox[~0000216.~][~0000000.~][topseller.txt.scr]
Virus:W32/Netsky.C.worm Disinfected C:\Documents and Settings\Bill\Application Data\Thunderbird\Profiles\5wkvuycx.default\Mail\208.37.68.35\Inbox[~0000099.~][~0000000.~][information.zip][information.rtf.pif]
Virus:W32/Mydoom.F.worm Disinfected C:\Documents and Settings\Bill\Application Data\Thunderbird\Profiles\5wkvuycx.default\Mail\208.37.68.35\Inbox[~0000160.~][~0000000.~][photo.zip][photo.scr]
Virus:W32/Mydoom.F.worm Disinfected C:\Documents and Settings\Bill\Application Data\Thunderbird\Profiles\5wkvuycx.default\Mail\208.37.68.35\Inbox[~0000168.~][~0000000.~][me.zip][me.jpg
Virus:W32/Netsky.C.worm Disinfected C:\Documents and Settings\Bill\Application Data\Thunderbird\Profiles\5wkvuycx.default\Mail\208.37.68.35\Inbox[~0000216.~][~0000000.~][topseller.txt.scr]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\zr776j9e.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Elizabeth\Cookies\elizabeth@go[2].txt

schickman

35 Posts

September 21st, 2006 02:00

Part 3

Spyware:Cookie/Adserver Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@z1.adserver[1].txt]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@trafficmp[1].txt]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@realmedia[1].txt]
Spyware:Cookie/Overture Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@overture[2].txt]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@mediaplex[1].txt]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@mediaplex[1].txt]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@maxserving[1].txt]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@fastclick[1].txt]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@fastclick[2].txt]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@doubleclick[1].txt]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@doubleclick[1].txt]
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@burstnet[2].txt]
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@bluestreak[1].txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@atdmt[2].txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@atdmt[2].txt]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@advertising[2].txt]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@advertising[2].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/mary@2o7[1].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@2o7[2].txt]
Spyware:Cookie/Zedo Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@zedo[1].txt]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@statcounter[2].txt]
Spyware:Cookie/onestat.com Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@stat.onestat[2].txt]
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@sextracker[2].txt]
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@counter14.sextracker[1].txt]
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@counter13.sextracker[1].txt]
Spyware:Cookie/SexList Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@sexlist[1].txt]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@questionmarket[1].txt]
Spyware:Cookie/PayCounter Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@paycounter[2].txt]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\PestPatrol\Quarantine\20060911233912562.zip[documents and settings/mary/cookies/bill@com[1].txt]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\PestPatrol\Quarantine\20060912221941968.zip[documents and settings/mary/cookies/mary@doubleclick[1].txt]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20060912221941968.zip[documents and settings/mary/cookies/mary@advertising[1].txt]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20060912221941968.zip[documents and settings/mary/cookies/bill@advertising[2].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060912221941968.zip[documents and settings/mary/cookies/mary@2o7[2].txt]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060912221941968.zip[documents and settings/mary/cookies/bill@2o7[2].txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\PestPatrol\Quarantine\20060912221941968.zip[documents and settings/mary/cookies/bill@atdmt[1].txt]
Possible Virus. Not disinfected C:\Security\hijackthis\backup-20040211-114810-228.dll
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\bi7.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\biini.inf
Dialer:dialer.bew Not disinfected C:\WINDOWS\SYSTEM32\search.html
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{3954CE66-8217-4476-AF31-C244F096C57C}.exe[KillAndClean.exe]
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{3954CE66-8217-4476-AF31-C244F096C57C}.exe[KillAndCleanUpdate.exe]

Was this post helpful?

View All

No Events found!

Top