Author Topic: Please help remove alcan.a! (Read 1333 times)

Alchemy77 · « **on:** December 05, 2005, 10:30:33 PM »

I was running into some trouble with my computer, so I ran Ad-Aware SE. It turns out I picked up a worm, specifically: win32.p2p-worm.alcan.a

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/mad.gif\' class=\'bbc_emoticon\' alt=\':angry:\' />

I'm not sure how to get it removed on my own, and from browsing the forums here, it seems that my best move is to post a log and ask very nicely for help. So... please help me kill this worm!

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 9:25:09 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\mdm.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elderscrolls.com/home/home.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elderscrolls.com/home/home.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096952331482
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

If anything else is needed, please let me know and I will provide it. I'd really like to get this fixed. Oh, and I'm not sure if it makes any difference or not, but this scan is after a reboot and fresh run of Ad-Aware, and removing the files it finds and identifies as the alcan.a worm.

Thanks a lot in advance.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #1 on:** December 06, 2005, 12:15:33 AM »

Can you do the following please

You have Ad-Aware installed
Open it and check for updates but don't run a scan yet

When I ask you too download a zip file, make sure you choose SAVE TO DISK rather than Open

Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU

Download and save p2pnetwork.zip
Then UNZIP it to the BFU Folder

Download and save and then UNZIP to the BFU folder
BFU.zip
So you now have BFU.exe extracted

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

In safe mode

Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit

Stay in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Perform action with all infections

Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Do another scan with Hijackthis and put a check next to these entries:

R3 - Default URLSearchHook is missing

After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware>>>Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Restart back to Normal mode

Back in Windows
Post a fresh hijackthis log and the whole report from Ewido's

Alchemy77 · « **Reply #2 on:** December 06, 2005, 03:55:40 PM »

Followed the directions you gave, here is the fresh Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:53:35 PM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Quicken\qw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elderscrolls.com/home/home.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elderscrolls.com/home/home.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096952331482
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Report from Ewido's to follow...

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         2:05:32 PM, 12/6/2005
+ Report-Checksum:      BD3408B2

+ Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned without backup
   HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\bhoreg\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned without backup
   :mozilla.17:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.18:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.19:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.21:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.22:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.23:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
   :mozilla.24:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
   :mozilla.33:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
   :mozilla.34:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
   :mozilla.35:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.36:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
   :mozilla.40:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.46:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
   :mozilla.47:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
   :mozilla.48:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
   :mozilla.49:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
   :mozilla.56:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
   :mozilla.57:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
   :mozilla.64:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
   :mozilla.65:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
   :mozilla.66:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
   :mozilla.67:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
   :mozilla.68:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
   :mozilla.69:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
   :mozilla.76:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.77:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.78:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.79:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.80:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.81:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.82:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.83:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.84:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.85:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.86:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.87:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.88:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.89:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.90:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.92:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.93:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.94:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.95:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.96:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.97:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.98:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.100:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.101:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.102:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.103:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.104:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.105:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.106:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.107:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.108:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.109:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.110:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.111:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.112:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.113:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.114:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.115:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.116:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.117:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.118:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.119:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.120:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.121:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.122:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.123:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.124:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.125:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.128:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.129:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.130:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned without backup
   :mozilla.148:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned without backup
   :mozilla.151:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned without backup
   :mozilla.152:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned without backup
   :mozilla.153:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned without backup
   :mozilla.157:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned without backup
   :mozilla.159:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
   :mozilla.160:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
   :mozilla.164:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
   :mozilla.165:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
   :mozilla.166:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
   :mozilla.167:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
   :mozilla.168:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
   :mozilla.173:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned without backup
   :mozilla.174:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned without backup
   :mozilla.193:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned without backup
   :mozilla.199:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.205:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
   :mozilla.212:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.213:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.214:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.215:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.216:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.217:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.218:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned without backup
   :mozilla.219:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned without backup
   :mozilla.220:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned without backup
   :mozilla.221:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.222:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.223:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.224:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.225:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.226:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.227:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.228:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.229:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.230:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.231:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.232:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.233:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.234:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.235:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.236:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.237:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.238:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.239:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
   :mozilla.240:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned without backup
   :mozilla.245:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned without backup
   :mozilla.303:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.304:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.305:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.306:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.307:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.308:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.309:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.310:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.311:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.312:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.313:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.314:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.315:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.316:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.317:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.318:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.319:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.320:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.321:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.322:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
   :mozilla.323:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.332:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned without backup
   :mozilla.336:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned without backup
   :mozilla.337:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned without backup
   :mozilla.340:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned without backup
   :mozilla.341:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
   :mozilla.342:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
   :mozilla.343:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
   :mozilla.349:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
   :mozilla.350:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
   :mozilla.351:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
   :mozilla.355:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
   :mozilla.360:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned without backup
   :mozilla.361:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned without backup
   :mozilla.362:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned without backup
   :mozilla.363:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned without backup
   :mozilla.369:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned without backup
   :mozilla.370:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned without backup
   :mozilla.379:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.380:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned without backup
   :mozilla.385:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned without backup
   :mozilla.412:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned without backup
   :mozilla.413:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned without backup
   :mozilla.417:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned without backup
   :mozilla.424:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
   :mozilla.430:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
   :mozilla.431:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
   :mozilla.432:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
   :mozilla.433:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
   :mozilla.434:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
   :mozilla.435:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
   :mozilla.436:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
   :mozilla.437:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
   :mozilla.438:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
   :mozilla.441:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
   :mozilla.442:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
   :mozilla.443:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
   :mozilla.444:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
   :mozilla.445:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
   :mozilla.446:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
   :mozilla.449:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned without backup
   :mozilla.450:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned without backup
   :mozilla.451:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned without backup
   :mozilla.469:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
   :mozilla.470:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
   :mozilla.471:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
   :mozilla.472:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
   :mozilla.473:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
   :mozilla.474:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
   :mozilla.479:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.489:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.517:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.528:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned without backup
   :mozilla.534:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.538:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
   :mozilla.539:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
   :mozilla.540:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
   :mozilla.541:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
   :mozilla.542:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
   :mozilla.543:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
   :mozilla.544:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
   :mozilla.576:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.577:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.582:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned without backup
   :mozilla.583:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned without backup
   :mozilla.599:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned without backup
   :mozilla.600:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned without backup
   :mozilla.605:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.606:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.607:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.608:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.622:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned without backup
   :mozilla.623:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned without backup
   :mozilla.624:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned without backup
   :mozilla.638:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned without backup
   :mozilla.644:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned without backup
   :mozilla.645:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned without backup
   :mozilla.654:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
   :mozilla.657:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned without backup
   :mozilla.658:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned without backup
   :mozilla.664:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.665:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.666:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.667:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.669:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned without backup
   :mozilla.670:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned without backup
   :mozilla.680:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.681:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.682:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.683:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.685:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.686:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.712:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned without backup
   :mozilla.812:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned without backup
   :mozilla.816:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned without backup
   :mozilla.828:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned without backup
   :mozilla.837:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
   :mozilla.838:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
   :mozilla.841:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
   :mozilla.845:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
   :mozilla.857:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.864:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
   :mozilla.920:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
   :mozilla.947:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
   :mozilla.948:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
   :mozilla.949:C:\Documents and Settings\The Alchemist\Application Data\Mozilla\Firefox\Profiles\5tx7vmi8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
   C:\Documents and Settings\The Alchemist\Complete\300 Premium Smileys.zip/Setup.exe -> Worm.VB.an : Cleaned without backup
   C:\Documents and Settings\The Alchemist\Complete\3D Merry Christmas Screensaver.zip/Setup.exe -> Worm.VB.an : Cleaned without backup
   C:\Documents and Settings\The Alchemist\Complete\Abyssmedia Audio Converter Plus 3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned without backup
   C:\Documents and Settings\The Alchemist\Complete\Acronis Disk Director Suite 9.0.534.zip/Setup.exe -> Worm.VB.an : Cleaned without backup
   C:\Documents and Settings\The Alchemist\Complete\Acronis Disk Director Suite 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned without backup
   C:\Documents and Settings\The Alchemist\Complete\Acronis Privacy Expert Suite 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned without backup
   C:\Documents and Settings\The Alchemist\Complete\Acronis True

guestolo · « **Reply #3 on:** December 07, 2005, 11:26:31 PM »

Sorry for the delay Alchemy
How's everything running?

Can you do me a favor please, if you still have the Ewido report saved to desktop

Copy and paste back here the rest of the log
DON'T include the top part of the report or any lines that look like this
C:\Documents and Settings\The Alchemist\Complete

Notice the Complete folder in the report, I got the idea of the Complete folder but I want to see everthing else in the bottom of the report

Alchemy77 · « **Reply #4 on:** December 08, 2005, 12:10:12 AM »

Yeah.. for some reason it wouldn't let me reply to my own post. It kept truncating my message at that point, and everything I tried wouldn't work. Anyway, here's the end part of the log. (I've included one of the lines from the "Complete" folder just to give a feeling of continuity.

   C:\Documents and Settings\The Alchemist\Complete\ZoneAlarm Wireless Security 5.5.080.zip/Setup.exe -> Worm.VB.an : Cleaned without backup
   C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned without backup
   C:\Unzipped\ImTOO DVD Audio Ripper 2.0.55.1013\Setup.exe -> Worm.VB.an : Cleaned without backup

::Report End

My problems seem to be gone. I want to be sure the worm(s) are gone though. Any further steps I should take? And let me thank you so much for your help. You're a savior.

guestolo · « **Reply #5 on:** December 08, 2005, 12:16:34 AM »

Quote

Yeah.. for some reason it wouldn't let me reply to my own post

I had the same problem the other night, so I know how you feel

Can you do one last fix please
Optionally, if you didn't intentionally install Party Poker
Please uninstall it

Also, we have to fix one last entry in your log

Do another scan with Hijackthis and put a check next to these entries:

R3 - Default URLSearchHook is missing

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer and post one last hijackthis log
for some minor final cleanup

Alchemy77 · « **Reply #6 on:** December 08, 2005, 12:42:43 AM »

Followed your instructions to the T, including uninstalling PartyPoker (which I had previously installed, but do not care for anyway).

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:55 PM, on 12/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elderscrolls.com/home/home.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elderscrolls.com/home/home.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/v5co...b?1096952331482
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f

"%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

guestolo · « **Reply #7 on:** December 08, 2005, 12:55:55 AM »

Can you delete this folder if found
C:\Program Files\PartyPoker <-folder

Run hijackthis again, with ALL other windows closed, including this one
Put a tick next to these next entries and then click Fix Checked
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once System Restore is reenabled

You should install this free tool
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection...."

Stay safe

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Alchemy77 · « **Reply #8 on:** December 08, 2005, 01:14:26 AM »

I completed all of the suggested actions, including installing SpywareBlaster. Is there anything else I can do to be sure I'm completely clean of all dirty, malicious data?

Once again, I want to sincerely thank you for all your help. You are a saint. I sent you $5 through PayPal for your time and to aid in the fight against malware. I know it's not a lot, but I'm a starving college student, and I think every little bit probably helps. Thanks so much for your time, effort, and all the positive work you do.

guestolo · « **Reply #9 on:** December 08, 2005, 09:07:44 AM »

Thanks Alchemy, very much appreciated

Stay safe
I'm going to lock this topic as your problems are resolved

TheTechGuide Forum

News:

Author Topic: Please help remove alcan.a! (Read 1333 times)

Alchemy77

Please help remove alcan.a!

guestolo

Please help remove alcan.a!

Alchemy77

Please help remove alcan.a!

guestolo

Please help remove alcan.a!

Alchemy77

Please help remove alcan.a!

guestolo

Please help remove alcan.a!

Alchemy77

Please help remove alcan.a!

guestolo

Please help remove alcan.a!

Alchemy77

Please help remove alcan.a!

guestolo

Please help remove alcan.a!