0

I've read most of the other posts regarding this issue, and so far I have been unable to find a solution. I've done a complete adware/registry clean of my computer via my programmer friend at work, and the only thing that slipped my mind was how to return my desktop to normal. I once had the virus that gave my desktop a blue screen and a black box in the center that gave a "warning: computer may be infected with spyware".. I believe I cleaned out the files and everything that caused it to link to the website, but now the background is just a plain grey. The MAIN problem is.. after trying to right click desktop>properties>display tab, I am unable to change/click anything, except to make the color a different one. I just downloaded Hijackthis ver. 1.99.1 and ran a scan, this is what it gave me:

Logfile of HijackThis v1.99.1
Scan saved at 3:44:52 PM, on 12/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JOHNMI~1\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.pcclub.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


Thanks in advance for any help.

2
Contributors
3
Replies
4
Views
11 Years
Discussion Span
Last Post by DMR
0

Hi hateviruses123, welcome to DaniWeb.

A) C:\DOCUME~1\JOHNMI~1\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe

The log entry above indicates that you are running HijackThis from within a Temp/Temporary folder. Please do the following:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often delete in the course of troubleshooting, by running disk clean-up utilities, etc.


B)

I once had the virus that gave my desktop a blue screen and a black box in the center... after trying to right click desktop>properties>display tab, I am unable to change/click anything...

That's a side effect of the "Smitfraud" and "SpySheriff" infections. Please do the following:

- Download the smitfraud.reg file by right-clicking on this link and choosing "Save link as..." or "Save target as..." from the resulting pop-up menu. Save the file to your desktop.

- Double-click the smitfraud.reg file you saved, and when it asks if you want to merge with the registry, click YES.

- Reboot your computer; your display properties should be returned to normal.


C) The"WeatherBug" program is adware; I'd suggest uninstalling it using your Add/Remove Programs control panel.


D) You have a couple of "loose ends" in your HijackThis which probably warrant a bit more cleaning:

1. Download and install these utilities (but do not run scans with them yet):

ewido Security Suite (trial version) - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open AVG and use its Update feature to make sure that you have the most current virus definitions installed. As with the above programs, don't run a scan with AVG yet; just close it once it is updated.


2. Download and install the CCleaner utility, but don't run it yet.


3. Open the Services utility in your Administrative Tools control panel, right-click on the service named "X10 Device Network Service" or "x10nets", and then click Properties in the resulting popup menu. From there, choose "Disabled" from the "Startup Type" drop-down menu there, click "OK", and then close the Services window.


4. Run HijackTHis again, put a check mark next to the following entries, and then click the "Fix checked" button. Close HJT once it has finished performing the fixes:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

- Click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

x10nets

- Close HijackThis.


5. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).


6. Run CCleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.


7. Run AVG, ewido, and MS Antispyware beta consecutively; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.


8. Open Windows Explorer and delete the entire C:\Program Files\AWS folder.


9. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.

0

Thanks for the Welcome!

Fantastic! Worked like a charm, here are the logs for the scans:

Logfile of HijackThis v1.99.1
Scan saved at 8:04:28 PM, on 12/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcclub.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcclub.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcclub.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


And Ewido:


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           5:59:44 PM, 12/19/2005
+ Report-Checksum:      A412B190


+ Scan result:


HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Enum\PCI\VEN_1039&DEV_7001&SUBSYS_0C54105B&REV_0F\3&61aaa01&0&1A\\Service -> Spyware.SaveNow : Error during cleaning
HKU\S-1-5-21-2371706370-3839856519-1738246520-1005\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2371706370-3839856519-1738246520-1005\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
:mozilla.6:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.7:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.8:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.9:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.10:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.11:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.12:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.13:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.15:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.16:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.17:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.18:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.19:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.20:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.31:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.32:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.60:C:\Documents and Settings\John Mitman\Application Data\Mozilla\Firefox\Profiles\of1g2mhk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@ad.yieldmanager[1].txt[/email] -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@ads.pointroll[1].txt[/email] -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@advertising[2].txt[/email] -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@atdmt[2].txt[/email] -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@casalemedia[1].txt[/email] -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@doubleclick[1].txt[/email] -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@fastclick[2].txt[/email] -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@media.fastclick[1].txt[/email] -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@mediaplex[1].txt[/email] -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@msnportal.112.2o7[1].txt[/email] -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@questionmarket[1].txt[/email] -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@rotator.adjuggler[1].txt[/email] -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@tribalfusion[1].txt[/email] -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@valueclick[2].txt[/email] -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\John Mitman\Cookies\john [email]mitman@www.etracker[1].txt[/email] -> Spyware.Cookie.Etracker : Cleaned with backup
C:\Documents and Settings\John Mitman\Local Settings\Temp\123.456 -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ehg-liverpoolfctv.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7866328B-6E38-4F67-ABCA-92C905\665E5B09-5660-4B84-B1DA-205A1C -> Not-A-Virus.Hoax.SpyWare.a : Cleaned with backup
C:\WINDOWS\mfcck32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Temp\Cookies\john [email]mitman@doubleclick[2].txt[/email] -> Spyware.Cookie.Doubleclick : Cleaned with backup



::Report End

Thanks a whole lot for all the help, hard to tell how much I appreciate it!

Edited by happygeek: fixed formatting

0

Looks good; glad we could be of assistance. Have a very, merry, virus-free holiday! :mrgreen:

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.