Aurora help needed

Thread Solved
1 2

Join Date: Jun 2005
Posts: 88
Reputation: sampson is an unknown quantity at this point 
Solved Threads: 0
sampson sampson is offline Offline
Junior Poster in Training

Aurora help needed

 
0
  #1
Jun 21st, 2005
I definitely have the dreaded aurora virus/disease in my computer. From reading this board I know I nned to download hijackthis program. Is there any special way to do this? I then post the log right? I am not very experienced in fixing problems related to computers. I appreciate the assistance
Reply With Quote Quick reply to this message  
Join Date: Dec 2003
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Solved Threads: 363
Team Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: Aurora help needed

 
0
  #2
Jun 21st, 2005
You're right- running HijackThis (and then posting the log it generates) is the first step; here are instructions which should help:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downl...HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Make a new folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HiajckThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing

Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote Quick reply to this message  
Join Date: Jun 2005
Posts: 88
Reputation: sampson is an unknown quantity at this point 
Solved Threads: 0
sampson sampson is offline Offline
Junior Poster in Training

Re: Aurora help needed

 
0
  #3
Jun 22nd, 2005
Ok...I know this is a stupid question but....

I downloaded the HJT. It is now on my desktop. I have not made a folder for it yet do I need to and if so can I place thisnew folder on the desktop???
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Aurora help needed

 
0
  #4
Jun 22nd, 2005
If you have an hijackthis.exe icon on your desktop, do this:

Right-click in an empty area of your desktop and select New, Folder; give the folder a name (something like HJT or HijackThis). Then, drag the hijackthis.exe icon into this folder.

Close any open browser windows, open HijackThis, and click on 'Scan and Save Log'

Copy the log and paste it here in this thread.
Links to help you help yourself :

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Reply With Quote Quick reply to this message  
Join Date: Jun 2005
Posts: 88
Reputation: sampson is an unknown quantity at this point 
Solved Threads: 0
sampson sampson is offline Offline
Junior Poster in Training

Re: Aurora help needed

 
0
  #5
Jun 22nd, 2005
Here is the log....thanks for the assistance.

C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [bgjxyqb] c:\windows\system32\bgjxyqb.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [csyogpm] c:\windows\system32\nnctur.exe r
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095603910345
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex...oadcontrol.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOW
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Aurora help needed

 
0
  #6
Jun 22nd, 2005
You will need to disconnect from the internet so you may wish to print these instructions.

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail...e/1098736486/1

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet).

Download Nailfix from here:
http://www.noidea.us/easyfile/file.p...50515010747824
Unzip it to your desktop, but do not run it yet.

Disconnect from the net and reboot into Safe Mode.

Double-click on the Nailfix.cmd that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Reboot normally.

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [bgjxyqb] c:\windows\system32\bgjxyqb.exe
O4 - HKLM\..\Run: [csyogpm] c:\windows\system32\nnctur.exe r
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1095603910345
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/active...loadcontrol.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Be sure to close any open windows, other then hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\Nail.exe
C:\windows\system32\bgjxyqb.exe
C:\windows\system32\nnctur.exe
C:\WINDOWS\svcproc.exe

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with hijackthis, and post a new log along with the log from the Ewido scan.
Links to help you help yourself :

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Reply With Quote Quick reply to this message  
Join Date: Jun 2005
Posts: 88
Reputation: sampson is an unknown quantity at this point 
Solved Threads: 0
sampson sampson is offline Offline
Junior Poster in Training

Re: Aurora help needed

 
0
  #7
Jun 23rd, 2005
here is the latest HJT log.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\windows\system32\hpklvh.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [oxpacud] c:\windows\system32\hpklvh.exe r
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Americ


This the the Ewido report..
-----------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:14:01 AM, 6/23/2005
+ Report-Checksum: C5D55B78

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\saap -> Spyware.180Solutions
HKLM\SOFTWARE\saap -> Spyware.180Solutions
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\BTGrab -> Spyware.BetterInternet
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\intexp -> Spyware.IEPlugin
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\intexp\Config -> Spyware.IEPlugin
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\saap -> Spyware.180Solutions
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgemc.exe -> Heuristic.Win32.Dialer
:mozilla.9:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adjuggler
:mozilla.26:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Atdmt
:mozilla.27:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Netshelter
:mozilla.28:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Netshelter
:mozilla.29:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Netshelter
:mozilla.30:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adtech
:mozilla.31:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adtech
:mozilla.32:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Smarttargetting
:mozilla.33:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick
:mozilla.34:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick
:mozilla.36:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick
:mozilla.37:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick
:mozilla.43:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Questionmarket
:mozilla.44:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Doubleclick
:mozilla.45:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Mediaplex
:mozilla.46:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Mediaplex
:mozilla.47:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys
:mozilla.48:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys
:mozilla.49:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys
:mozilla.50:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys
:mozilla.51:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys
:mozilla.59:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7
:mozilla.60:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7
:mozilla.61:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7
:mozilla.62:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7
:mozilla.63:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7
:mozilla.64:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7
:mozilla.68:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Ru4
:mozilla.69:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Ru4
:mozilla.70:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Ru4
:mozilla.71:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Ru4
:mozilla.72:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Ru4
:mozilla.73:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Ru4
:mozilla.74:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram
:mozilla.75:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram
:mozilla.84:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trendmicro
:mozilla.99:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Findwhat
:mozilla.102:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Centrport
:mozilla.103:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Centrport
:mozilla.105:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Bluestreak
:mozilla.112:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Fastclick
:mozilla.113:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Fastclick
:mozilla.114:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adbureau
:mozilla.115:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Fastclick
:mozilla.120:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adbureau
:mozilla.148:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Com
:mozilla.149:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Com
:mozilla.150:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Wwwdownload
:mozilla.151:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox
:mozilla.152:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox
:mozilla.153:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox
:mozilla.155:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll
:mozilla.156:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll
:mozilla.157:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll
:mozilla.160:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Tribalfusion
:mozilla.161:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Go2net
:mozilla.162:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Googleadservices
:mozilla.163:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Dogpile
:mozilla.164:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Dogpile
:mozilla.165:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Clickbank
:mozilla.166:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Paretologic
:mozilla.167:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Paretologic
:mozilla.168:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Overture
:mozilla.169:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Overture
:mozilla.170:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.171:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.172:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.173:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.174:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.175:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.176:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.177:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.178:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.179:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.182:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Webtrendslive
:mozilla.189:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Esomniture
:mozilla.190:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Apmebf
:mozilla.191:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Esomniture
:mozilla.192:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.193:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.198:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox
:mozilla.199:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Maxserving
:mozilla.200:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Maxserving
:mozilla.201:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Rpts
:mozilla.208:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Bfast
:mozilla.212:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Linksynergy
:mozilla.213:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Linksynergy
:mozilla.218:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Paycounter
:mozilla.219:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Esomniture
:mozilla.230:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Valueclick
:mozilla.231:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Valueclick
:mozilla.241:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Statcounter
:mozilla.250:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Liveperson
:mozilla.251:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Liveperson
:mozilla.252:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Liveperson
:mozilla.253:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Keywordmax
:mozilla.260:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Netflix
:mozilla.261:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Netflix
:mozilla.262:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Netflix
:mozilla.263:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Netflix
:mozilla.264:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Netflix
:mozilla.265:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Rodale
:mozilla.269:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sitebrand
:mozilla.270:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sitebrand
:mozilla.271:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sitebrand
:mozilla.306:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.307:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.308:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.309:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.6:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.2o7
:mozilla.7:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.2o7
:mozilla.8:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.2o7
:mozilla.9:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.2o7
:mozilla.12:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Centrport
:mozilla.23:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Rpts
:mozilla.24:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Cjt1
:mozilla.25:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Cjt1
:mozilla.26:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Cjt1
:mozilla.27:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Cjt1
:mozilla.28:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Cjt1
:mozilla.29:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Cjt1
:mozilla.30:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Cjt1
:mozilla.31:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Cjt1
:mozilla.32:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Maxserving
:mozilla.35:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Revenue
:mozilla.41:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Trafficmp
:mozilla.42:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Tribalfusion
:mozilla.46:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Adserver
:mozilla.47:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Adserver
:mozilla.48:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Adserver
:mozilla.49:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Adserver
:mozilla.50:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Adserver
:mozilla.52:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Co
:mozilla.54:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Worldsex
:mozilla.55:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Worldsex
:mozilla.57:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Trendmicro
:mozilla.63:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Ebates
:mozilla.64:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Ebates
:mozilla.65:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Ebates
:mozilla.66:C:\Documents and Settings\Somebody\Application Data\Mozilla\Profiles\default\1mi45wu9.slt\cookies.txt -> Spyware.Cookie.Ebates
C:\Documents and Settings\Somebody\Cookies\somebody@2o7[1].txt -> Spyware.Cookie.2o7
C:\Documents and Settings\Somebody\Cookies\somebody@888[3].txt -> Spyware.Cookie.888.com
C:\Documents and Settings\Somebody\Cookies\somebody@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet
C:\Documents and Settings\Somebody\Cookies\somebody@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype
C:\Documents and Settings\Somebody\Cookies\somebody@adknowledge[1].txt -> Spyware.Cookie.Adknowledge
C:\Documents and Settings\Somebody\Cookies\somebody@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick
C:\Documents and Settings\Somebody\Cookies\somebody@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll
C:\Documents and Settings\Somebody\Cookies\somebody@ads1.rodale[1].txt -> Spyware.Cookie.Rodale
C:\Documents and Settings\Somebody\Cookies\somebody@adultfriendfinder[1].txt -> Spyware.Cookie.Adult-friend-finder
C:\Documents and Settings\Somebody\Cookies\somebody@apmebf[2].txt -> Spyware.Cookie.Apmebf
C:\Documents and Settings\Somebody\Cookies\somebody@ar.atwola[1].txt -> Spyware.Cookie.Atwola
C:\Documents and Settings\Somebody\Cookies\somebody@as-us.falkag[1].txt -> Spyware.Cookie.Falkag
C:\Documents and Settings\Somebody\Cookies\somebody@automotive[2].txt -> Spyware.Cookie.Automotive
C:\Documents and Settings\Somebody\Cookies\somebody@azjmp[2].txt -> Spyware.Cookie.Azjmp
C:\Documents and Settings\Somebody\Cookies\somebody@bluestreak[2].txt -> Spyware.Cookie.Bluestreak
C:\Documents and Settings\Somebody\Cookies\somebody@btg.btgrab[1].txt -> Spyware.Cookie.Btgrab
C:\Documents and Settings\Somebody\Cookies\somebody@casalemedia[2].txt -> Spyware.Cookie.Casalemedia
C:\Documents and Settings\Somebody\Cookies\somebody@centrport[2].txt -> Spyware.Cookie.Centrport
C:\Documents and Settings\Somebody\Cookies\somebody@cliks[2].txt -> Spyware.Cookie.Cliks
C:\Documents and Settings\Somebody\Cookies\somebody@com[2].txt -> Spyware.Cookie.Com
C:\Documents and Settings\Somebody\Cookies\somebody@creativeby.viewpoint[2].txt -> Spyware.Cookie.Viewpoint
C:\Documents and Settings\Somebody\Cookies\somebody@creview.adbureau[2].txt -> Spyware.Cookie.Adbureau
C:\Documents and Settings\Somebody\Cookies\somebody@dealtime[1].txt -> Spyware.Cookie.Dealtime
C:\Documents and Settings\Somebody\Cookies\somebody@dist.belnk[2].txt -> Spyware.Cookie.Belnk
C:\Documents and Settings\Somebody\Cookies\somebody@dr.webservicehosts[1].txt -> Spyware.Cookie.Webservicehosts
C:\Documents and Settings\Somebody\Cookies\somebody@e-2dj6wflykidpsaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Somebody\Cookies\somebody@e-2dj6wjk4apd5wbp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Somebody\Cookies\somebody@e-2dj6wjkokjdpcgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Somebody\Cookies\somebody@e-2dj6wjkycidzmeo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Somebody\Cookies\somebody@e-2dj6wjlyehdjcco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Somebody\Cookies\somebody@e-2dj6wjnyelajgdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Somebody\Cookies\somebody@e-2dj6wjnyepdzclq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Somebody\Cookies\somebody@e-2dj6wjnygidjskq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Somebody\Cookies\somebody@e-2dj6wjnyujdzieo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Somebody\Cookies\somebody@edge.ru4[1].txt -> Spyware.Cookie.Ru4
C:\Documents and Settings\Somebody\Cookies\somebody@emarketmakers[2].txt -> Spyware.Cookie.Emarketmakers
C:\Documents and Settings\Somebody\Cookies\somebody@exitexchange[2].txt -> Spyware.Cookie.Exitexchange
C:\Documents and Settings\Somebody\Cookies\somebody@free.aol[1].txt -> Spyware.Cookie.Aol
C:\Documents and Settings\Somebody\Cookies\somebody@insightfirst[1].txt -> Spyware.Cookie.Insightfirst
C:\Documents and Settings\Somebody\Cookies\somebody@login.tracking101[2].txt -> Spyware.Cookie.Tracking101
C:\Documents and Settings\Somebody\Cookies\somebody@media4.sitebrand[1].txt -> Spyware.Cookie.Sitebrand
C:\Documents and Settings\Somebody\Cookies\somebody@metareward[2].txt -> Spyware.Cookie.Metareward
C:\Documents and Settings\Somebody\Cookies\somebody@network.realtechnetwork[1].txt -> Spyware.Cookie.Realtechnetwork
C:\Documents and Settings\Somebody\Cookies\somebody@nfong.freestats[2].txt -> Spyware.Cookie.Free-stats
C:\Documents and Settings\Somebody\Cookies\somebody@offeroptimizer[1].txt -> Spyware.Cookie.Offeroptimizer
C:\Documents and Settings\Somebody\Cookies\somebody@paypopup[1].txt -> Spyware.Cookie.Paypopup
C:\Documents and Settings\Somebody\Cookies\somebody@perf.overture[1].txt -> Spyware.Cookie.Overture
C:\Documents and Settings\Somebody\Cookies\somebody@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup
C:\Documents and Settings\Somebody\Cookies\somebody@qksrv[2].txt -> Spyware.Cookie.Qksrv
C:\Documents and Settings\Somebody\Cookies\somebody@questionmarket[1].txt -> Spyware.Cookie.Questionmarket
C:\Documents and Settings\Somebody\Cookies\somebody@realmedia[1].txt -> Spyware.Cookie.Realmedia
C:\Documents and Settings\Somebody\Cookies\somebody@rn11[2].txt -> Spyware.Cookie.Rn11
C:\Documents and Settings\Somebody\Cookies\somebody@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler
C:\Documents and Settings\Somebody\Cookies\somebody@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson
C:\Documents and Settings\Somebody\Cookies\somebody@stat.dealtime[1].txt -> Spyware.Cookie.Dealtime
C:\Documents and Settings\Somebody\Cookies\somebody@stats1.reliablestats[2].txt -> Spyware.Cookie.Reliablestats
C:\Documents and Settings\Somebody\Cookies\somebody@suitesmart[2].txt -> Spyware.Cookie.Suitesmart
C:\Documents and Settings\Somebody\Cookies\somebody@techtracker[2].txt -> Spyware.Cookie.Techtracker
C:\Documents and Settings\Somebody\Cookies\somebody@trafficmp[1].txt -> Spyware.Cookie.Trafficmp
C:\Documents and Settings\Somebody\Cookies\somebody@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion
C:\Documents and Settings\Somebody\Cookies\somebody@trk.pcsecurityshield[2].txt -> Spyware.Cookie.Pcsecurityshield
C:\Documents and Settings\Somebody\Cookies\somebody@wdcs.trendmicro[1].txt -> Spyware.Cookie.Trendmicro
C:\Documents and Settings\Somebody\Cookies\somebody@web.checkm8[1].txt -> Spyware.Cookie.Checkm8
C:\Documents and Settings\Somebody\Cookies\somebody@webshots[1].txt -> Spyware.Cookie.Webshots
C:\Documents and Settings\Somebody\Cookies\somebody@www.2-spyware[1].txt -> Spyware.Cookie.2-spyware
C:\Documents and Settings\Somebody\Cookies\somebody@www.ancestry[2].txt -> Spyware.Cookie.Wwwancestry
C:\Documents and Settings\Somebody\Cookies\somebody@www.everyfreegift[1].txt -> Spyware.Cookie.Everyfreegift
C:\Documents and Settings\Somebody\Cookies\somebody@www.hey[1].txt -> Spyware.Cookie.Hey
C:\Documents and Settings\Somebody\Cookies\somebody@www.juno[2].txt -> Spyware.Cookie.Wwwjuno
C:\Documents and Settings\Somebody\Cookies\somebody@www.pcsecurityshield[1].txt -> Spyware.Cookie.Pcsecurityshield
C:\Documents and Settings\Somebody\Cookies\somebody@www.ubid[1].txt -> Spyware.Cookie.Wwwubid
C:\Documents and Settings\Somebody\Cookies\somebody@www.winantiviruspro[2].txt -> Spyware.Cookie.Winantiviruspro
C:\Documents and Settings\Somebody\Cookies\somebody@z1.adserver[1].txt -> Spyware.Cookie.Adserver
C:\Documents and Settings\Somebody\Cookies\somebody@zedo[2].txt -> Spyware.Cookie.Zedo
C:\Documents and Settings\Somebody\Local Settings\Temp\180sainstaller.exe -> Spyware.180Solutions.b
C:\Documents and Settings\Somebody\Local Settings\Temp\AolCoach.cab/.\Data\player\aolnysev.exe -> Heuristic.Win32.Downloader
C:\Documents and Settings\Somebody\Local Settings\Temp\Cookies\somebody@ads1.rodale[1].txt -> Spyware.Cookie.Rodale
C:\Documents and Settings\Somebody\Local Settings\Temp\Cookies\somebody@www.xzoomy[1].txt -> Spyware.Cookie.Xzoomy
C:\Documents and Settings\Somebody\Local Settings\Temp\JYJ\aurareco.exe -> Spyware.BetterInternet
C:\Documents and Settings\Somebody\Local Settings\Temp\QPC\aurareco.exe -> Spyware.BetterInternet
C:\Documents and Settings\Somebody\Local Settings\Temporary Internet Files\Content.IE5\U0XPFFRF\view[1].htm -> TrojanDownloader.Psyme.am
C:\Program Files\Ares Lite Edition\AresLite.exe -> Heuristic.Win32.Backdoor3
C:\Program Files\Common Files\AOL\ACS\acsd.exe -> Heuristic.Win32.Dialer
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/.\Data\player\aolnysev.exe -> Heuristic.Win32.Downloader
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe -> Heuristic.Win32.Dialer
C:\Program Files\Grisoft\AVG Free\avgemc.exe -> Heuristic.Win32.Dialer
C:\WINDOWS\njopaiqeo.exe -> Spyware.BetterInternet
C:\WINDOWS\systb.dll -> Spyware.ImiBar
C:\WINDOWS\zfvridb.exe -> Spyware.BetterInternet


I think I may have made some mistakes. When running the Ewido scan I did not have it "fix" anything.

I could not find the files that Iwas supposed to delete:
C:\WINDOWS\Nail.exe
C:\windows\system32\bgjxyqb.exe
C:\windows\system32\nnctur.exe
C:\WINDOWS\svcproc.exe

Thanks....
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Aurora help needed

 
0
  #8
Jun 23rd, 2005
For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Go to Start, Run, and type in cleanmgr, and then click OK. Select the drive XP is on, and check the boxes for Downloaded Program Files (move any files you wish to keep out of this folder first), Temporary Internet Files, Recycle Bin, Temporary Files, Temporary Offline Files, Offline Files, (and Compress old files & Catalog files for the Content Indexer if you wish), and then click OK. Click Yes to confirm you want these files deleted. It may take awhile for this to run, please be patient.

Note: if any of these temporary files cannot be deleted while in normal mode, try Safe Mode.

Open Firefox, go to Tools, Options, and click on Privacy (padlock icon on the left); click on the Clear All button.

Download, install, update, and run PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Scan with HJT and have it fix this entry:
O4 - HKLM\..\Run: [oxpacud] c:\windows\system32\hpklvh.exe r

Reboot into Safe Mode and delete these files:

C:\windows\system32\hpklvh.exe
C:\WINDOWS\njopaiqeo.exe
C:\WINDOWS\systb.dll
C:\WINDOWS\zfvridb.exe

Empty your Recycle Bin, and do another scan with Ewido.

Reboot normally, scan with HJT, and post a new log along with the Ewido log.
Reply With Quote Quick reply to this message  
Join Date: Jun 2005
Posts: 88
Reputation: sampson is an unknown quantity at this point 
Solved Threads: 0
sampson sampson is offline Offline
Junior Poster in Training

Re: Aurora help needed

 
0
  #9
Jun 23rd, 2005
is the ewido scan in the safe mode and do I let ewido "fix" or just let it scan and post the scan??
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Aurora help needed

 
0
  #10
Jun 23rd, 2005
The Ewido I have doesn't have a Fix option; if yours does, go ahead and use it.

Yes, scan in Safe Mode.
Reply With Quote Quick reply to this message  
Reply
1 2

Quick Reply to Thread
This thread has been marked solved.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-virussitesaccessissue antivirus apple audio avg bar blackhat botnet censorship combofix commercials conficker connect crosssitescripting cyber cyberwarfare ddos domains e-mafia education email europe exploit facebook fake gaming gtaiv gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch pdf phishing police president privacy pro problem redirecting reliability report research risk samhain sans scareware school search security sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted usa virus viruses volume vulnerability war warning windows worm yahoo zero-day zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC