TheTechGuide Forum

General Category => Tech Clinic => Topic started by: amp on February 03, 2006, 03:16:42 PM

Title: spy sherrif
Post by: amp on February 03, 2006, 03:16:42 PM

can someone help me?  a few days ago a warning appeared on my laptop saying my computer was infected.  on my desktop this red and black spy sherrif message appeared.  a couple of days later, i couldn't even get onto the internet.  this thing also apparently sent out e-mails to all of my contacts, and about 80 to myself.  i bought spy sweeper and performed the scan/ sweep.  now everything appears fine, i can get onto the internet, no more e-mails to myself from this thing ( i deleted them) but my desktop is still blue, and my favorites list is different; it;s not my updated one, and my microsoft works calendar does not open automatically with my reminders, and it should because it was still opening when i had the spy sherrif on there. can anyone help?  i'm really new to all of this! thanks! /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Title: spy sherrif
Post by: guestolo on February 03, 2006, 03:49:35 PM

Can you please do the following
SpySweeper is a great program, but may not get everything by itself

Can I have you download Hijackthis 1.99.1 from my signature below and save it too a permanent folder on the harddrive

Open Hijackthis.exe
Do a "SCAN and Save a Log file"
Save the log----copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

Title: spy sherrif
Post by: amp on February 03, 2006, 11:16:11 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:12:02 PM, on 2/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\eee2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michelle\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {56B27C99-B174-BE88-2C06-BDCE69BCE2BA} - C:\WINDOWS\System32\msiocvv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ahub] C:\WINDOWS\ahub.exe
O4 - HKLM\..\Run: [edebqf] C:\WINDOWS\edebqf.exe
O4 - HKLM\..\Run: [hknuj] C:\WINDOWS\hknuj.exe
O4 - HKLM\..\Run: [ncrmvep] C:\WINDOWS\ncrmvep.exe
O4 - HKLM\..\Run: [ajah] C:\WINDOWS\ajah.exe
O4 - HKLM\..\Run: [ybsrylkj] C:\WINDOWS\ybsrylkj.exe
O4 - HKLM\..\Run: [bcpwfaz] C:\WINDOWS\bcpwfaz.exe
O4 - HKLM\..\Run: [dofuhgl] C:\WINDOWS\dofuhgl.exe
O4 - HKLM\..\Run: [oxwz] C:\WINDOWS\oxwz.exe
O4 - HKLM\..\Run: [hTm2lb] C:\documents and settings\tony\local settings\temp\hTm2lb.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C] C:\windows\C.exe
O4 - HKLM\..\Run: [K3] C:\windows\K3.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\System32\inrh95
O4 - HKLM\..\Run: [igfxsrvs] C:\WINDOWS\System32\igfxsrv.exe
O4 - HKLM\..\Run: [tm~*] C:\windows\eee2.exe
O4 - HKLM\..\Run: [loader.exe] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\HJT\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (http://\"http://awbeta.net-nucleus.com\") (HKLM)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab (http://\"http://www.installengine.com/engine/isetup.cab\")
O20 - AppInit_DLLs: C:\WINDOWS\System32\UDHISAPI804h.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

THIS IS MY FIRST LOG FILE; THANKS FOR YOUR HELP!

Title: spy sherrif
Post by: guestolo on February 04, 2006, 01:15:56 AM

Let's get some tools to help us out
==Please download ATF Cleaner (http://\"http://www.atribune.org/ccount/click.php?id=1\") by Atribune.
This program is for XP and Windows 2000 only
Don't run it yet

==Download SmitRem.exe by Noahdfear (http://\"http://noahdfear.geekstogo.com/click%20counter/click.php?id=1\") and save the file to your desktop.
Don't run it yet

==Download CWShredder.exe (http://\"http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe\") and save to your desktop, don't run yet

==Download and then Install
Ewido anti-malware 3.5 (http://\"http://download.ewido.net/ewido-setup.exe\")

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")

You are running a very out of date version of Ad-Aware
Can you access your add/remove programs via control panel and remove
Ad-Aware 6
I also recommend that you remove
AdwareAlert
It's no longer on the Rogue list, but still not a recommended removal tool

Afterwards
==Download and Install
Ad-Aware SE Personal 1.06 (http://\"ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe\")
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Don't run a scan yet

Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode

I need you to disable the Realtime protections supplied in SpySweeper so it won't interfere in any fixes we try
Open SpySweeper:
Disable any that apply please
Click Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

When that's done
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

In safe mode
Find and delete this file
C:\windows\eee2.exe <-this file
and this folder if you took my advice and removed AdwareAlert
C:\Program Files\AdwareAlert <-this folder

==Run Cwshredder.exe
Click on the FIX button, let it run and fix whatever it finds
When it's done, stay in safe mode
=========================================
 Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
     Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
     Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
=========================================

==Double click on SmitRem.exe to extract it to it's own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish. Remain in safe mode

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {56B27C99-B174-BE88-2C06-BDCE69BCE2BA} - C:\WINDOWS\System32\msiocvv.dll

O4 - HKLM\..\Run: [ahub] C:\WINDOWS\ahub.exe
O4 - HKLM\..\Run: [edebqf] C:\WINDOWS\edebqf.exe
O4 - HKLM\..\Run: [hknuj] C:\WINDOWS\hknuj.exe
O4 - HKLM\..\Run: [ncrmvep] C:\WINDOWS\ncrmvep.exe
O4 - HKLM\..\Run: [ajah] C:\WINDOWS\ajah.exe
O4 - HKLM\..\Run: [ybsrylkj] C:\WINDOWS\ybsrylkj.exe
O4 - HKLM\..\Run: [bcpwfaz] C:\WINDOWS\bcpwfaz.exe
O4 - HKLM\..\Run: [dofuhgl] C:\WINDOWS\dofuhgl.exe
O4 - HKLM\..\Run: [oxwz] C:\WINDOWS\oxwz.exe
O4 - HKLM\..\Run: [hTm2lb] C:\documents and settings\tony\local settings\temp\hTm2lb.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C] C:\windows\C.exe
O4 - HKLM\..\Run: [K3] C:\windows\K3.exe

O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\System32\inrh95
O4 - HKLM\..\Run: [igfxsrvs] C:\WINDOWS\System32\igfxsrv.exe
O4 - HKLM\..\Run: [tm~*] C:\windows\eee2.exe
O4 - HKLM\..\Run: [loader.exe] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\HJT\AdwareAlert.Exe -boot

O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (http://\"http://awbeta.net-nucleus.com\") (HKLM)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab (http://\"http://www.installengine.com/engine/isetup.cab\")
O20 - AppInit_DLLs: C:\WINDOWS\System32\UDHISAPI804h.dll

After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Reboot back to Normal mode
Can you post back the following please

1. Post back a fresh hijackthis log
2. Post the whole contents of the Ewido report
3. Post the Whole log made from SmitRem located here C:\Smitfiles.txt

NOTE: You will have to reset your background in Display properties
XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.

Title: spy sherrif
Post by: amp on February 04, 2006, 10:41:34 PM

thanks for your quick response; I work all weekend so I am going to try to do this tonight or tomorrow. will let you know how it goes, thanks!

Title: spy sherrif
Post by: amp on February 06, 2006, 12:46:21 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:26:06 PM, on 2/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michelle\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 02/05/2006
The current time is: 21:58:25.39

Running from
C:\Documents and Settings\Michelle\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

SharedTaskScheduler exporter by Grinler

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!


 checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1440 'explorer.exe'
Killing PID 1440 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

SharedTaskScheduler exporter by Grinler

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~


 ~~~ Wininet.dll ~~~

 CLEAN! /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />


I'M SORRY I CAN'T FIND THE EDWIDO REPORT!  CAN YOU TELL ME HOW TO FIND IT, BECAUSE I WAS SURE THAT I SAVED IT, BUT I DID HAVE AN ERROR MESSAGE WHEN I RAN THE SMITREM, AND NOW I HAVE A BUNCH OF FOLDERS MARKED " BACKUPS" , I THINK I RAN IT TWICE BY ACCIDENT BECAUSE AN ERROR MESSAGE CAME UP SAYING SOMETHING ABOUT WORKING IN SAVE MODE OR DO I WANT TO RESTORE , SO I DID BOTH. OOPS!  PLEASE HELP, I THOUGHT I DID THIS RIGHT CUZ IT TOOK  ABOUT 3 HOURS, THANKS!

Title: spy sherrif
Post by: guestolo on February 06, 2006, 05:57:43 PM

Your Hijackthis log looks good

Quote

AND NOW I HAVE A BUNCH OF FOLDERS MARKED " BACKUPS"

Can you let me know how many folders you have called BACKUPS please on your desktop

Quote

I THINK I RAN IT TWICE BY ACCIDENT BECAUSE AN ERROR MESSAGE CAME UP SAYING SOMETHING ABOUT WORKING IN SAVE MODE OR DO I WANT TO RESTORE , SO I DID BOTH. OOPS!

This is why I mentioned the following

Quote

Wait for the tool to complete and disk cleanup to finish. Remain in safe mode

Oh well, since you ran the tool twice, the second time you would of overwrote the first log
It looks clean however

The Ewido log
You may of saved it to the default location
Try navigating to the following folder
C:\Program Files\ewido\security suite\Reports
and see if the log is found
<security suite> may be named anti-malware

How is everything running?

Title: spy sherrif
Post by: amp on February 06, 2006, 10:38:39 PM

Hi!  Well, I have one actual folder labeled "backups" on my desktop, but within that folder there are 25 actual files.  When I tried to open one of the files a window pops up saying " you are attempting to open a file of type Application Extension ( .dll). also says if I try to open it, it could damage my system.  When I tried to open some of the other files it says it couldn't open them because it needed to know what program created them.  Also, with the Smitrem, the first time I ran it, when it got to the part abaout disk clean up and it said it could take up to 3 hours to clean, right after that message everything just disappeared back to normal, and I wasn't sure if it cleaned it at all, so I ran it again.  I will try to find the Edwido report.  

                I just realized that before installing spysweeeper my mozilla firefox was disabled.  Everything is running fine, but there is a website for my job that I can't get into anymore, and it goes through Micorosoft outlook.  Also, this spy sheriff thing I had, or one of the many things I had, sent out a bunch of e-mail under my name to every contact on my mail list, under the heading "your e-bay account has been suspended", and now road runner has sent me an e-mail saying I'm a spammer. What do I do next, after I find that report?  
Do I still have any security protection, like the adaware se, or spy sweeper, actually enabled? Thanks!

Title: spy sherrif
Post by: guestolo on February 06, 2006, 10:48:27 PM

Quote

I have one actual folder labeled "backups" on my desktop

Leave it there for now, it's a backup folder for Hijackthis, you don't need to try opening the files

Let's just give one more look see at another log
Download F-Secure's BlackLight from HERE (http://\"http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe\") and save it to your Desktop.
Locate and double click blbeta.exe to run it - you will need to accept the license agreement.

Click the Scan button to start and then Next when it has finished scanning.(this scan won't take too long)
A text file, fsbl-date/time, will be saved to your Desktop, copy and paste this into your next post.

After that I'll post some final cleanup and ways of protecting your computer

Watch what emails you open, if you don't recognize who sent it
Delete it, regardless, don't follow a link in an email unless you trust it

What link with Firefox are you having a problem with?

Title: spy sherrif
Post by: amp on February 06, 2006, 11:45:16 PM

I just tried looking for the ewido report, and I still couldn't find it, so I ran it again, hope that's okay.  Everything I see on there, 25 total infections, I saw last night with the original scan.  Here it is, thanks:

 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         10:41:40 PM, 2/6/2006
 + Report-Checksum:      B3AF1A88

 + Scan result:

   C:\Documents and Settings\Michelle\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107790.exe -> Adware.MidADle : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107791.exe -> Adware.MidADle : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107792.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107793.exe -> Downloader.Agent.ae : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107794.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107795.exe -> Spyware.AdSrve : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107796.exe -> Spyware.AdSrve : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107797.exe -> Spyware.UrlSpy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107799.exe -> Spyware.AdSrve : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107800.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107801.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107802.exe -> Downloader.VB.vs : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107803.exe -> Trojan.Dialer.ay : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107804.exe -> Trojan.Kolweb.g : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107805.exe -> Downloader.VB.uc : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107806.exe -> Trojan.Inject.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107807.exe -> Downloader.Delf.zw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107808.dll -> Proxy.Agent.ij : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107809.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107810.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107811.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107812.exe -> Dropper.Agent.abu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107814.exe -> Downloader.Small.bnz : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107815.exe -> Downloader.Small.cho : Cleaned with backup


::Report End

Title: spy sherrif
Post by: amp on February 06, 2006, 11:59:47 PM

I FOUND THE ORIGINAL REPORT, HIDDEN UNDER A FOLDER TITLED "RECENT"; THIS FIRST ONE IS FROM YESTERDAY, DON'T KNOW IF YOU STILL NEED IT OR NOT, SO HERE IT IS:

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         10:24:42 PM, 2/5/2006
 + Report-Checksum:      F5C1E2E1

 + Scan result:

   HKLM\SOFTWARE\Desktop\LicenseStores -> Spyware.MidAddle : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC3BBF86-E4EC-4412-9676-8355468B3B05} -> Spyware.Maxspeed : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> Trojan.Small : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   :mozilla.67:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.68:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.69:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.70:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.71:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.80:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.81:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.86:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.87:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.100:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.101:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.102:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.103:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.104:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.105:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.111:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.116:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.132:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.133:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.134:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.135:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.136:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.137:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.138:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.139:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.163:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.164:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.165:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.166:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.167:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.168:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.174:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.176:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.177:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.178:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.179:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.181:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.185:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.186:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.201:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.202:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.203:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.204:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.205:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   :mozilla.213:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.214:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.215:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
   :mozilla.224:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.225:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.226:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.227:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.236:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   :mozilla.237:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   :mozilla.238:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   :mozilla.239:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   :mozilla.243:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.244:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.245:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.246:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.249:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.250:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.253:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.254:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.255:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.256:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.257:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.308:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.336:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
   :mozilla.340:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.341:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.349:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.361:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.373:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.385:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
   :mozilla.386:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   :mozilla.387:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   :mozilla.398:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.399:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.412:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   :mozilla.413:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   :mozilla.414:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.415:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.416:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.417:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.433:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.434:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
   :mozilla.435:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
   :mozilla.463:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.464:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.465:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.466:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.468:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
   :mozilla.477:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.479:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.490:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.491:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.492:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.493:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
   :mozilla.494:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
   :mozilla.495:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
   :mozilla.496:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.497:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.498:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.501:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.509:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.540:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.545:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.565:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.566:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.567:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.568:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.569:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.570:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.571:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.578:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.597:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.598:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.599:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.620:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.624:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.664:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Matchcraft : Cleaned with backup
   :mozilla.666:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.714:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.754:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.765:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.766:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.779:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.780:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.827:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.828:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.829:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.830:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.832:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.897:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
   :mozilla.898:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
   :mozilla.940:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.950:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
   :mozilla.958:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.970:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.980:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.54:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.63:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.71:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.80:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.87:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.141:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.144:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.149:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   C:\Documents and Settings\Tony\Cookies\tony@-1shz2prbmdj6wvny-1sez2pra2dj6wfkicmazkcpg-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Tony\Cookies\tony@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyaocpigoasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Tony\Cookies\tony@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyumdzidpaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~448962.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~526117.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~533831.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~585870.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~595156.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~661390.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~755696.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~758442.tmp -> Downloader.WinTool : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0095988.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0095989.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097988.exe -> Spyware.AproposMedia : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097990.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097991.exe -> Spyware.CashBack : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097992.exe -> Spyware.CashBack : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097996.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097997.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097998.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098010.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098014.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098015.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098016.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098033.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098034.dll -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098035.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098036.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098042.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098043.ocx -> Downloader.VB.ov : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098045.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098047.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098048.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098049.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098050.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098052.exe -> Downloader.Small.cds : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098054.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098055.exe -> Trojan.Dialer.u : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098056.exe -> Downloader.CWS.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098057.exe -> Dropper.Agent.abu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098058.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098080.dll -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098081.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098085.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098086.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098090.exe -> Downloader.Small.cds : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098091.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098092.exe -> Worm.Locksky.z : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098093.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098095.exe -> Trojan.Dialer.u : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098096.exe -> Downloader.CWS.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098097.exe -> Downloader.Small.chg : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098098.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098099.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098100.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098101.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098103.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099122.dll -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099123.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099126.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099127.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099130.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099131.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099132.ocx -> Downloader.VB.ov : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099134.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099136.exe -> Worm.Locksky.z : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099137.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099138.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099139.exe -> Trojan.Dialer.u : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099140.exe -> Downloader.CWS.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099141.exe -> Dropper.Agent.abu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099142.exe -> Downloader.Small.chg : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099143.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099144.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099145.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099146.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099147.exe -> Downloader.Small.cho : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099148.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099149.exe -> Downloader.Small.cds : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100122.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100123.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100125.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100126.dll -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100128.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100129.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information&#

Title: spy sherrif
Post by: guestolo on February 07, 2006, 12:09:03 AM

Can you post the bottom part of that first Ewido log you found

Also, can you do the following please
Download F-Secure's BlackLight from HERE (http://\"http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe\") and save it to your Desktop.
Locate and double click blbeta.exe to run it - you will need to accept the license agreement.

Click the Scan button to start and then Next when it has finished scanning.(this scan won't take too long)
A text file, fsbl-date/time, will be saved to your Desktop, copy and paste this into your next post.

Additionally, can you let me know the following
I asked you too run ATF-Cleaner in safe mode
Did you run the program as I posted???
Did you clean Firefox with it??

Title: spy sherrif
Post by: amp on February 08, 2006, 11:17:39 PM

Hi,  I did run the ATF cleaner in safe mode, and here's the Blacklight log:

02/08/06 21:42:23 [Info]: BlackLight Engine 1.0.30 initialized
02/08/06 21:42:23 [Info]: OS: 5.1 build 2600 (Service Pack 1)
02/08/06 21:42:24 [Note]: 7019 4
02/08/06 21:42:24 [Note]: 7005 0
02/08/06 21:42:45 [Note]: 7006 0
02/08/06 21:42:45 [Note]: 7011 2456
02/08/06 21:42:46 [Note]: FSRAW library version 1.7.1014
02/08/06 21:44:16 [Note]: 4013 30229
02/08/06 21:44:16 [Note]: 4020 94 6160384
02/08/06 21:44:16 [Note]: 4018 94 6160384
02/08/06 21:45:34 [Note]: 7007 0

this is the first ewido report:
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         10:24:42 PM, 2/5/2006
 + Report-Checksum:      F5C1E2E1

 + Scan result:

   HKLM\SOFTWARE\Desktop\LicenseStores -> Spyware.MidAddle : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC3BBF86-E4EC-4412-9676-8355468B3B05} -> Spyware.Maxspeed : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> Trojan.Small : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   :mozilla.67:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.68:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.69:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.70:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.71:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.80:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.81:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.86:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.87:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.100:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.101:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.102:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.103:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.104:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.105:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.111:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.116:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.132:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.133:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.134:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.135:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.136:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.137:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.138:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.139:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.163:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.164:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.165:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.166:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.167:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.168:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.174:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.176:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.177:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.178:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.179:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.181:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.185:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.186:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.201:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.202:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.203:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.204:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.205:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   :mozilla.213:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.214:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.215:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
   :mozilla.224:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.225:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.226:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.227:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.236:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   :mozilla.237:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   :mozilla.238:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   :mozilla.239:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
   :mozilla.243:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.244:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.245:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.246:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.249:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.250:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.253:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.254:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.255:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.256:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.257:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.308:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.336:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
   :mozilla.340:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.341:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.349:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.361:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.373:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.385:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
   :mozilla.386:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   :mozilla.387:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   :mozilla.398:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.399:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.412:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   :mozilla.413:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   :mozilla.414:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.415:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.416:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.417:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.433:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.434:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
   :mozilla.435:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
   :mozilla.463:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.464:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.465:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.466:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.468:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
   :mozilla.477:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.479:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.490:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.491:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.492:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.493:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
   :mozilla.494:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
   :mozilla.495:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
   :mozilla.496:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.497:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.498:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   :mozilla.501:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.509:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.540:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.545:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.565:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.566:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.567:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.568:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.569:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.570:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.571:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.578:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.597:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.598:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.599:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.620:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.624:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.664:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Matchcraft : Cleaned with backup
   :mozilla.666:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.714:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.754:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.765:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.766:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.779:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.780:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.827:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.828:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.829:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.830:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.832:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.897:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
   :mozilla.898:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
   :mozilla.940:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.950:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
   :mozilla.958:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.970:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.980:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.54:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.63:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.71:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.80:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.87:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.141:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.144:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.149:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   C:\Documents and Settings\Tony\Cookies\tony@-1shz2prbmdj6wvny-1sez2pra2dj6wfkicmazkcpg-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Tony\Cookies\tony@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyaocpigoasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Tony\Cookies\tony@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyumdzidpaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~448962.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~526117.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~533831.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~585870.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~595156.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~661390.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~755696.tmp -> Downloader.WinTool : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temp\~758442.tmp -> Downloader.WinTool : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0095988.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0095989.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097988.exe -> Spyware.AproposMedia : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097990.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097991.exe -> Spyware.CashBack : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097992.exe -> Spyware.CashBack : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097996.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097997.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0097998.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098010.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098014.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098015.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098016.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098033.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098034.dll -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098035.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098036.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098042.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098043.ocx -> Downloader.VB.ov : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098045.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098047.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098048.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098049.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098050.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098052.exe -> Downloader.Small.cds : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098054.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098055.exe -> Trojan.Dialer.u : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098056.exe -> Downloader.CWS.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098057.exe -> Dropper.Agent.abu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098058.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098080.dll -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098081.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098085.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098086.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098090.exe -> Downloader.Small.cds : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098091.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098092.exe -> Worm.Locksky.z : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098093.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098095.exe -> Trojan.Dialer.u : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098096.exe -> Downloader.CWS.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098097.exe -> Downloader.Small.chg : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098098.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098099.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098100.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098101.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0098103.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099122.dll -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099123.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099126.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099127.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099130.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099131.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099132.ocx -> Downloader.VB.ov : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099134.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099136.exe -> Worm.Locksky.z : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099137.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099138.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099139.exe -> Trojan.Dialer.u : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099140.exe -> Downloader.CWS.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099141.exe -> Dropper.Agent.abu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099142.exe -> Downloader.Small.chg : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099143.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099144.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099145.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099146.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099147.exe -> Downloader.Small.cho : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099148.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0099149.exe -> Downloader.Small.cds : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100122.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100123.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100125.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0100126.dll -

Title: spy sherrif
Post by: guestolo on February 08, 2006, 11:20:02 PM

Quote

Can you post the bottom part of that first Ewido log you found

You keep posting the top part of it
That's not the whole log, the forum may not allow you too post the whole log as it's too long
But I want to see it ALL
Use multiple replies to post the whole log if you have too

Title: spy sherrif
Post by: amp on February 08, 2006, 11:25:09 PM

sorry, here is the end of the first ewido report:
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104330.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104331.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104332.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104333.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104334.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104335.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104336.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104337.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104338.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104339.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104340.dll -> Spyware.Esyndic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104342.exe -> Adware.eZula : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104343.exe -> Adware.eZula : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104344.exe -> Adware.eZula : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104345.exe -> Adware.eZula : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104346.dll -> Adware.eZula : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104347.dll -> Adware.eZula : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104348.dll -> Adware.eZula : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104351.exe -> Spyware.AdSrve.b : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104352.exe/systb.dll -> Spyware.ImiBar : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104353.dll -> Spyware.ImiBar : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104354.dll -> Downloader.Dyfuca.dt : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104355.dll -> Downloader.Keenval.e : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104356.exe -> Downloader.Keenval.e : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104357.exe -> Downloader.Keenval.e : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104359.dll -> Downloader.Rameh.c : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104360.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104361.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104362.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104363.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104364.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104365.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104366.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104367.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104368.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104369.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104370.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104371.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104372.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104373.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104374.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104375.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104376.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104377.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104378.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104379.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104380.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104381.exe -> Spyware.PowerScan : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104382.ocx -> Spyware.MediaMotor : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104383.dll -> Trojan.Septic.a : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104385.exe -> Downloader.Small.abd : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104389.EXE -> Downloader.Small.wk : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104392.exe -> Spyware.BiSpy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104393.exe -> Spyware.BiSpy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104394.dll -> Spyware.BiSpy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104395.dll -> Spyware.VirtualBouncer : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104399.dll -> Spyware.WebHancer : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104400.exe/WhAgent.exe -> Spyware.WebHancer : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104401.exe -> Spyware.WebHancer : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104405.dll -> Adware.MidADle : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104406.dll -> Adware.MidADle : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104407.exe -> Spyware.WinFetcher.b : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104428.exe -> Trojan.ExHosts : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104431.dll -> Spyware.VirtualBouncer : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104432.dll -> Spyware.VirtualBouncer : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104433.dll -> Spyware.VirtualBouncer : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104434.dll -> Spyware.VirtualBouncer : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104437.exe -> Downloader.Agent.ae : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104438.exe -> Spyware.BiSpy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104439.exe -> Downloader.Agent.ae : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104441.exe -> Downloader.Apropo.h : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104442.exe -> Spyware.AproposMedia : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104443.exe -> Downloader.Apropo.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104445.exe -> Spyware.PurityScan : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104446.exe -> Downloader.Small.oe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104447.exe -> Downloader.Small.oe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104448.exe -> Downloader.Small.oe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104449.exe -> Downloader.Small.Iq : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104450.exe -> Dropper.Delf.z : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104451.dll -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104452.exe -> Trojan.Revop.b : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104454.exe -> Downloader.Small.gl : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104456.dll -> Downloader.Agent.br : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104457.dll -> Trojan.Zapchast : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104465.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104468.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104469.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104471.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104472.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104473.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104475.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104476.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104477.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104478.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104480.exe -> Spyware.WinFetcher : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104487.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104491.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104492.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104494.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104497.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104500.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104501.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0104502.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105487.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105490.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105491.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105493.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105494.ocx -> Spyware.MediaMotor : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105496.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105498.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105500.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105501.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0105502.dll -> Spyware.PurityScan : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106487.dll -> Trojan.Agent.nw : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106490.dll -> Worm.Locksky.p : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106492.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106495.exe -> Proxy.Small.ea : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106496.ocx -> Spyware.MediaMotor : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106498.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106500.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106501.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106502.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106619.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106620.exe -> Worm.Locksky.z : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106621.exe -> Worm.Locksky.z : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106622.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106623.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106624.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106625.exe -> Backdoor.Agent.qr : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106626.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106627.exe -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106628.exe -> Downloader.Small.chg : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106629.dll -> Backdoor.Small.jo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106630.exe -> Downloader.3746.A : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106631.exe -> Spyware.UrlSpy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106632.exe -> Spyware.IEDriver : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106633.exe -> Spyware.UrlSpy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106638.ocx -> Downloader.VB.ov : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106642.exe -> Dropper.Small.aeq : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106643.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106644.exe -> Downloader.Agent.tv : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106647.exe -> Trojan.LowZones.am : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106649.exe -> Downloader.Dyfuca.EI : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106651.dll -> Adware.Mirar : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106652.exe -> Adware.SaveNow : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106653.exe -> Downloader.Small.cds : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106654.exe -> Downloader.Tibs.bu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106655.exe -> Downloader.Agent.adv : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106656.exe -> Downloader.Small.aqu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106657.exe -> Downloader.Small.aqu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106658.exe -> Downloader.Small.aqu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106659.exe -> Trojan.Dialer.u : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106660.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106662.srg -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106663.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106664.exe -> Downloader.Small.awa : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106665.dll -> Trojan.Agent.eu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106666.exe -> Downloader.CWS.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106667.exe -> Downloader.CWS.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106668.dll -> Spyware.Ihbo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106669.dll -> Spyware.Ihbo : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106670.exe -> Downloader.CWS.s : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107785.exe -> Adware.MediaMotor : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107788.exe -> Not-A-Virus.Hoax.Win32.Renos.av : Cleaned with backup
   C:\WINDOWS\C.exe -> Adware.MidADle : Cleaned with backup
   C:\WINDOWS\K3.exe -> Adware.MidADle : Cleaned with backup
   C:\WINDOWS\piz..exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
   C:\WINDOWS\polall1t.exe -> Downloader.Agent.ae : Cleaned with backup
   C:\WINDOWS\seli.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
   C:\WINDOWS\SYSTEM32\ADPTIF03.exe -> Spyware.AdSrve : Cleaned with backup
   C:\WINDOWS\SYSTEM32\ASFSIPC8.exe -> Spyware.AdSrve : Cleaned with backup
   C:\WINDOWS\SYSTEM32\AVMETER0.exe -> Spyware.UrlSpy : Cleaned with backup
   C:\WINDOWS\SYSTEM32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\SYSTEM32\BIDISPL6.exe -> Spyware.AdSrve : Cleaned with backup
   C:\WINDOWS\SYSTEM32\elitefjt32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\SYSTEM32\kalvyfd32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\SYSTEM32\loader.exe -> Downloader.VB.vs : Cleaned with backup
   C:\WINDOWS\SYSTEM32\maxd64.exe -> Trojan.Dialer.ay : Cleaned with backup
   C:\WINDOWS\SYSTEM32\mirindaspl.exe -> Trojan.Kolweb.g : Cleaned with backup
   C:\WINDOWS\SYSTEM32\mmxp2passion.exe -> Downloader.VB.uc : Cleaned with backup
   C:\WINDOWS\SYSTEM32\mspostsp.exe -> Trojan.Inject.i : Cleaned with backup
   C:\WINDOWS\SYSTEM32\msshed32.exe -> Downloader.Delf.zw : Cleaned with backup
   C:\WINDOWS\SYSTEM32\msupdate32.dll -> Proxy.Agent.ij : Cleaned with backup
   C:\WINDOWS\SYSTEM32\qecjkfa.exe_ -> Downloader.Agent.ae : Cleaned with backup
   C:\WINDOWS\SYSTEM32\sachostm.exe -> Worm.Locksky.ab : Cleaned with backup
   C:\WINDOWS\SYSTEM32\vxgame6.exe -> Trojan.Small : Cleaned with backup
   C:\WINDOWS\SYSTEM32\vxgamet2.exe -> Trojan.Small : Cleaned with backup
   C:\WINDOWS\SYSTEM32\vxgamet3.exe -> Dropper.Agent.abu : Cleaned with backup
   C:\WINDOWS\SYSTEM32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.av : Cleaned with backup
   C:\WINDOWS\SYSTEM32\winrun.exe -> Downloader.Small.bnz : Cleaned with backup
   C:\WINDOWS\SYSTEM32\wwwloader.exe -> Downloader.Small.cho : Cleaned with backup


::Report End

there is a website i can't log on to for work, that goes through "citrix metaframe" and I don't know if it's a problem with the website or my pc.  everything is running fine, no pop ups but the last 2 days my pc is running slower and internet explorer keeps giving me popups saying there was a problem connecting to the page i was trying to get to. Thanks!

Title: spy sherrif
Post by: guestolo on February 08, 2006, 11:47:09 PM

Can you do the following please
Download LQfix.exe from one of the following locations:

http://www.downloads.subratam.org/LQfix.exe (http://\"http://www.downloads.subratam.org/LQfix.exe\")
http://miekiemoes.geekstogo.com/tools/LQfix.exe (http://\"http://miekiemoes.geekstogo.com/tools/LQfix.exe\")

Save it to your desktop.

• Double-Click LQfix.exe and click Next > Next > Install.
  
• Leave the default settings, if you change them, the fix will Fail!
  
• You need an active Internet connection, so make sure your connection is enabled.
• Now make sure the "Launch LQfix" box is checked.
  
• Click the Finish button, after clicking the Finish button the fix will start.
  
• Follow the on-screen prompts.
• Your system will reboot afterwards.
• Please be patient after the reboot, there is a script running in the background that needs to complete.

Back in windows
Use Internet Explorer and Run the online Panda ActiveScan (http://\"http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2factivescan.htm&NRNODEGUID=%7b3B202047-35D4-4DA2-B310-B1DBEC2971F2%7d&NRCACHEHINT=Guest\")
    * Once you are on the Panda site click the Scan your PC button.
    * A new window will open...click the big Check Now button.
    * Enter your Country.
    * Enter your State/Province.
    * Enter your e-mail address.
    * Select either "Home User or Company."
    * Click the big Scan Now button.
    * Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
    * Click on Local Disks to start the scan.

When the scan is complete
 click See Report, then click Save Report and save it to your Desktop.

Post back this report along with a fresh hijackthis log

Title: spy sherrif
Post by: amp on February 26, 2006, 10:35:13 PM

sorry this took so long; my pc has been running slow; here is what you asked for:

Incident                                                                        Status                        Location                                                                                                                                                                                                                                                        

Spyware:Cookie/RealMedia                                                        Not disinfected               C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt[]                                                                                                                                                    
Adware:adware/tvmedia                                                           Not disinfected               C:\Documents and Settings\Michelle\Application Data\tvmcwrd.dll                                                                                                                                                                                                
Spyware:Cookie/2o7.net                                                          Not disinfected               C:\Documents and Settings\Michelle\Cookies\michelle@2o7[2].txt                                                                                                                                                                                                  
Spyware:Cookie/PointRoll                                                        Not disinfected               C:\Documents and Settings\Michelle\Cookies\[email protected][2].txt                                                                                                                                                                                        
Spyware:Cookie/Advertising                                                      Not disinfected               C:\Documents and Settings\Michelle\Cookies\michelle@advertising[2].txt                                                                                                                                                                                          
Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\Michelle\Cookies\michelle@atdmt[2].txt                                                                                                                                                                                                
Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\Michelle\Cookies\michelle@doubleclick[1].txt                                                                                                                                                                                          
Spyware:Cookie/Hitbox                                                           Not disinfected               C:\Documents and Settings\Michelle\Cookies\michelle@hitbox[2].txt                                                                                                                                                                                              
Spyware:Cookie/RealMedia                                                        Not disinfected               C:\Documents and Settings\Michelle\Cookies\michelle@realmedia[2].txt                                                                                                                                                                                            
Spyware:Cookie/WUpd                                                             Not disinfected               C:\Documents and Settings\Michelle\Cookies\michelle@revenue[2].txt                                                                                                                                                                                              
Spyware:Cookie/Searchportal                                                     Not disinfected               C:\Documents and Settings\Michelle\Cookies\[email protected][1].txt                                                                                                                                                                            
Adware:Adware/PurityScan                                                        Not disinfected               C:\Documents and Settings\Michelle\Desktop\backups\backup-20060205-225954-256.dll                                                                                                                                                                              
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Michelle\Desktop\smitRem\Process.exe                                                                                                                                                                                                  
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Michelle\Desktop\smitRem.exe[Process.exe]                                                                                                                                                                                            
Spyware:Cookie/go                                                               Not disinfected               C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt[]                                                                                                                                                        
Virus:Exploit/ByteVerify                                                        Not disinfected               C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-71e7725f.zip[GetAccess.class]                                                                                                                  
Virus:Exploit/ByteVerify                                                        Not disinfected               C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-71e7725f.zip[InsecureClassLoader.class]                                                                                                        
Virus:Exploit/ByteVerify                                                        Not disinfected               C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-71e7725f.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify                                                        Not disinfected               C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-71e7725f.zip[Installer.class]                                                                                                                  
Spyware:Cookie/Target                                                           Not disinfected               C:\Documents and Settings\Tony\Cookies\tony@target[1].txt                                                                                                                                                                                                      
Spyware:Cookie/WinFixer                                                         Not disinfected               C:\Documents and Settings\Tony\Cookies\tony@winfixer[1].txt                                                                                                                                                                                                    
Adware:Adware/PurityScan                                                        Not disinfected               C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\698RM5YX\!update-3395[1].0000                                                                                                                                                
Virus:Trj/Downloader.VC                                                         Not disinfected               C:\go_1.exe                                                                                                                                                                                                                                                    
Adware:Adware/KeenValue                                                         Not disinfected               C:\Program Files\Kazaa\PerfectNavUninstall.exe                                                                                                                                                                                                                  
Adware:Adware/PurityScan                                                        Not disinfected               C:\Program Files\rdso\eetu.exe                                                                                                                                                                                                                                  
Adware:adware/clickalchemy                                                      Not disinfected               C:\WINDOWS\alchem.ini                                                                                                                                                                                                                                          
Adware:Adware/EliteBar                                                          Not disinfected               C:\WINDOWS\blocklist.reg                                                                                                                                                                                                                                        
Adware:adware/downloadware                                                      Not disinfected               C:\WINDOWS\Digital Signature 20040926.htm                                                                                                                                                                                                                      
Adware:adware/gator                                                             Not disinfected               C:\WINDOWS\GatorUninstaller_cme.log                                                                                                                                                                                                                            
Adware:adware/powerstrip                                                        Not disinfected               C:\WINDOWS\PreProcess.data                                                                                                                                                                                                                                      
Spyware:application/bestoffer                                                   Not disinfected               C:\WINDOWS\smdat32a.sys                                                                                                                                                                                                                                        
Spyware:Spyware/Media-motor                                                     Not disinfected               C:\WINDOWS\surv3.exe                                                                                                                                                                                                                                            
Adware:adware/keenvalue                                                         Not disinfected               C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho                                                                                                                                                                                                                      
Adware:adware/wupd                                                              Not disinfected               C:\WINDOWS\SYSTEM32\ide21201.vxd                                                                                                                                                                                                                                
Adware:adware/adsmart                                                           Not disinfected               C:\WINDOWS\SYSTEM32\kernels64.exe                                                                                                                                                                                                                              
Adware:Adware/PurityScan                                                        Not disinfected               C:\WINDOWS\SYSTEM32\l?gonui.exe                                                                                                                                                                                                                                
Adware:Adware/StatBlaster                                                       Not disinfected               C:\WINDOWS\SYSTEM32\O                                                                                                                                                                                                                                          
Adware:Adware/StatBlaster                                                       Not disinfected               C:\WINDOWS\SYSTEM32\O.BAT                                                                                                                                                                                                                                      
Adware:adware/cashdeluxe                                                        Not disinfected               C:\WINDOWS\SYSTEM32\shell386.exe                                                                                                                                                                                                                                
Adware:adware/craft                                                             Not disinfected               C:\WINDOWS\SYSTEM32\web.exe                                                                                                                                                                                                                                    
Adware:adware/purityscan                                                        Not disinfected               C:\WINDOWS\SYSTEM32\wtssvtr.exe                                                                                                                                                                                                                                
Logfile of HijackThis v1.99.1
Scan saved at 9:33:28 PM, on 2/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michelle\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Title: spy sherrif
Post by: guestolo on February 27, 2006, 08:11:10 PM

Open the Windows control panel, double click to open the Java icon
Depending on your version of Java
Under the General tab>>Delete files, OK the prompt
or under the Cache tab>>CLear cache

Ewido should of removed some of those bad files for you
OPEN EWIDO:
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")

Save the rest of these instructions to a Notepad file saved to your desktop or Print them out

== Download Hoster.zip (http://\"http://www.funkytoad.com/download/hoster.zip\")  and unzip it too a folder of it's own

Can you do the following please
Download The Avenger by Swandog46 (http://\"http://swandog46.geekstogo.com/avenger.zip\")
and save it to your Desktop.
Right click on avenger.zip and
Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:
don't include the word "quote" please

Quote

Files to delete:
C:\go_1.exe
C:\Program Files\Kazaa\PerfectNavUninstall.exe
C:\WINDOWS\alchem.ini
C:\WINDOWS\blocklist.reg
C:\WINDOWS\Digital Signature 20040926.htm
C:\WINDOWS\GatorUninstaller_cme.log
C:\WINDOWS\PreProcess.data
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\surv3.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
C:\WINDOWS\SYSTEM32\ide21201.vxd
C:\WINDOWS\SYSTEM32\kernels64.exe
C:\WINDOWS\SYSTEM32\O
C:\WINDOWS\SYSTEM32\O.BAT
C:\WINDOWS\SYSTEM32\shell386.exe
C:\WINDOWS\SYSTEM32\web.exe
C:\WINDOWS\SYSTEM32\wtssvtr.exe

Folders to delete:
C:\Program Files\rdso

Now click the 'Done' button.
Click on the traffic light icon and OK the prompt.
You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it.

"Allow to reboot back to Normal mode"
Don't open any windows yet, instead

Open Hoster
Then select the "Restore Original Hosts" button and ok the prompt

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

=========================================
 Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
     Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
     Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
=========================================

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Return to Normal mode

Please post the below logs
1. Post a fresh hijackthis log
2. Post the Whole report from Ewido's
3. Avenger.exe would of produced a report>>>C:\avenger.txt
Please post the whole contents

Title: spy sherrif
Post by: amp on March 10, 2006, 09:46:16 PM

Questolo, hi...sorry so late; my laptop has been really slow and everytime I open it the hourglass stays on for a very long time and I'm unable to do anything at all at that time.  Also, before I forget, I wanted to let you know that a few weeks ago, in the midst of all these problems, my roadrunner e-mail address sent out e-mails to EVERYONE in my known contacts list, most likely infected e-mails; i got a bunch returned to me, and they all said something about ebay.  Anyway, here are the results of my scans, thanks:

Logfile of HijackThis v1.99.1
Scan saved at 8:29:21 PM, on 3/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michelle\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         7:01:21 PM, 3/10/2006
 + Report-Checksum:      DC4E4BD3

 + Scan result:

   HKU\S-1-5-21-3962561463-2826087509-1140141477-1007\Software\Microsoft\Internet Explorer\Explorer Bars\{159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} -> Adware.Generic : Cleaned with backup
   C:\avenger\backup.zip/avenger/PerfectNavUninstall.exe -> Downloader.Keenval.e : Cleaned with backup
   C:\avenger\backup.zip/avenger/surv3.exe -> Downloader.VB.vv : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.118:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
   :mozilla.210:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.211:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.268:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.269:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.270:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.271:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.272:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.273:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.274:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.573:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\xb9fxqaz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   C:\Documents and Settings\Michelle\Desktop\backups\backup-20060205-225954-256.dll -> Adware.PurityScan : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\poe7l0sn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\698RM5YX\!update-3395[1].0000 -> Downloader.PurityScan.bs : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0106636.exe -> Downloader.VB.dm : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP121\A0107816.dll -> Adware.PurityScan : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP123\A0117169.dll -> Trojan.Agent.eu : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP126\A0118396.exe -> Downloader.Keenval.e : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP126\A0118401.exe -> Downloader.VB.vv : Cleaned with backup


::Report End

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lcyyjeub

*******************

Script file located at: \??\C:\Documents and Settings\hswewmka.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\go_1.exe deleted successfully.
File C:\Program Files\Kazaa\PerfectNavUninstall.exe deleted successfully.
File C:\WINDOWS\alchem.ini deleted successfully.
File C:\WINDOWS\blocklist.reg deleted successfully.
File C:\WINDOWS\Digital Signature 20040926.htm deleted successfully.
File C:\WINDOWS\GatorUninstaller_cme.log deleted successfully.
File C:\WINDOWS\PreProcess.data deleted successfully.
File C:\WINDOWS\smdat32a.sys deleted successfully.
File C:\WINDOWS\surv3.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho deleted successfully.
File C:\WINDOWS\SYSTEM32\ide21201.vxd deleted successfully.
File C:\WINDOWS\SYSTEM32\kernels64.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\O deleted successfully.
File C:\WINDOWS\SYSTEM32\O.BAT deleted successfully.
File C:\WINDOWS\SYSTEM32\shell386.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\web.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\wtssvtr.exe deleted successfully.
Folder C:\Program Files\rdso deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Title: spy sherrif
Post by: guestolo on March 12, 2006, 04:10:02 PM

Seeing as you may not reply back for a couple weeks
Can you do the following

Please download Rootkit Revealer (http://\"http://www.sysinternals.com/utilities/rootkitrevealer.html\") (link is at the very bottom of the page)

    * Unzip it to your desktop.
    * Double-click rootkitrevealer.exe
    * Click the Scan button (bottom right)
    * It may take a while to scan (don't do anything while it's running)
    * When it's done, go up to File > Save. Choose to save it to your desktop.
    * Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

Also post a fresh hijackthis log

Title: spy sherrif
Post by: amp on March 17, 2006, 10:49:01 PM

Questolo:  had to do the rootkitrevealer scan twice; the 1st time it seemed to get stuck while performing the scan.  Also, I had a diffucult time saving my scan results to my desktop; when it asked where I wanted to save it to, it kept automatically defaulting to a folder called "system 32" which seems to always come up with all of the different scans.  what is this system 32?  ( i had to save it in my documents) here are the results:

C:\Documents and Settings\Michelle\Local Settings\Temp\_td1F.tmp   3/15/2006 11:06 PM   0 bytes   Hidden from Windows API.

Logfile of HijackThis v1.99.1
Scan saved at 9:35:10 PM, on 3/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Michelle\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Title: spy sherrif
Post by: guestolo on March 19, 2006, 07:20:11 PM

That's doesn't look bad, can you do one more thing please
==Download and Install
Windows Cleanup! 4.0 (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
If you have no files saved as tmp or in a temp location that you want to keep, most don't
Run the Standard cleanUp!
If your unsure
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done
Reboot the computer

Post back one last hijackthis log

Title: spy sherrif
Post by: amp on March 24, 2006, 10:01:29 PM

Question:  Why can't I click on links from my e-mails anymore?  I used to be able to before all of this spy sheriff stuff.  Also, when i open up my laptop to get to the internet, the sandbar is on for a long time, thanks!  

Logfile of HijackThis v1.99.1
Scan saved at 8:30:06 PM, on 3/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Michelle\Desktop\hijackthis.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Documents and Settings\Michelle\Desktop\hijackthis.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Documents and Settings\Michelle\Desktop\hijackthis.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Title: spy sherrif
Post by: guestolo on March 25, 2006, 12:16:14 AM

UMMM!
I'm locking this thread

It is becoming way to difficult trying to help any further as the response times are spread too far apart
If you have other problems please start a new post
It doesn't appear that your problems are related to spyware or malware any further