Please help...
Do you see anything here??

Logfile of HijackThis v1.99.1
Scan saved at 10:59:40 PM, on 1/19/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\jweqaaaa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUMENTS AND SETTINGS\CARSON\DESKTOP\hsremove.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUMENTS AND SETTINGS\CARSON\DESKTOP\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\System32\nd_gfx9.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\DOCUME~1\Mom\Cookies\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [jweqaaaa] C:\WINDOWS\System32\jweqaaaa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows System] sqqudilw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [jweqaaaa] C:\WINDOWS\System32\jweqaaaa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137737681637
O20 - AppInit_DLLs: C:\WINDOWS\System32\dtoexpva.dll
O20 - Winlogon Notify: htproc - C:\WINDOWS\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: nd_gfx9 - C:\WINDOWS\SYSTEM32\nd_gfx9.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Recommended Answers

All 9 Replies

Hi and welcome to Daniweb forums :).

I recommend that you change any and all passwords that you have used on your PC after we clean up the problem.

Can you please do the following.

===============

When we're done cleaning off your system, I'd recommend that you install all the critical windows updates available from Microsoft, up to service pack 1. This will help to make your system more secure and prevent many 'problems' from reoccurring in the future.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\System32\jweqaaaa.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Scan with HiJackThis, then check(tick) the following, if present:


O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\System32\nd_gfx9.dll

O4 - HKLM\..\Run: [jweqaaaa] C:\WINDOWS\System32\jweqaaaa.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] sqqudilw.exe
O4 - HKCU\..\Run: [jweqaaaa] C:\WINDOWS\System32\jweqaaaa.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O20 - AppInit_DLLs: C:\WINDOWS\System32\dtoexpva.dll
O20 - Winlogon Notify: htproc - C:\WINDOWS\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: nd_gfx9 - C:\WINDOWS\SYSTEM32\nd_gfx9.dll


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINDOWS\System32\jweqaaaa.exe
C:\WINDOWS\System32\nd_gfx9.dll
C:\WINDOWS\System32\dtoexpva.dll
C:\WINDOWS\SYSTEM32\htproc32.dll

Search for...

sqqudilw.exe

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

Please download the trial version of Ewido anti-malware here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

Once in Safe Mode, please run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.

Save the logfile from the scan. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Here is my new HijackThis log and my Ewido scan per your request after following your advise... (Pretty messy...I had lots of junk on there!) Unfortuantely, I am still unable to kill off the nasty nd_gfx9.dll object which is infected. Ewido doesn't tell me it can't clean it up, but gives me an alarm (twice) whenever I boot up. When I try and delete the object in Safe mode I get an error saying it is used by another user or process. When I look at the properties of the object, it looks like it is running under admin and Carson user, but I not sure what to do with this information. Thank you sooooo much for your advise so far. I have stopped getting the Symantec popups, which has helped my sanity. If you have any other info. about how to delete this object, I'm all ears...

One other question... Norton's ccApp.exe crashes a lot (ending program dialog) when I exit windows. If a virus had attached itself to this guy, would Ewido have found it? It seemed pretty thorough, but I didn't know if I should try another scan with something else. Thx.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:03 AM, on 1/25/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\DOCUME~1\Mom\Cookies\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Calendarscope\cs.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\nd_gfx9.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\DOCUME~1\Mom\Cookies\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O4 - Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137737681637
O20 - Winlogon Notify: nd_gfx9 - C:\WINDOWS\SYSTEM32\nd_gfx9.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           9:46:49 AM, 1/25/2006
+ Report-Checksum:      DCDDF522


+ Scan result:


:mozilla.6:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\t7250qpg.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Carson\Cookies\carson@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Carson\Local Settings\Temporary Internet Files\Content.IE5\4DQR4963\erst[1].exe -> Trojan.Agent.cs : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Courtney\Application Data\Mozilla\Firefox\Profiles\7eigljk1.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Courtney\Cookies\courtney@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.471:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.515:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.516:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.517:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.518:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.580:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.581:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.582:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.583:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.587:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.651:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.652:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.653:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.655:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\z2vw3elo.default\cookies.txt -> Spyware.C

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

I downloaded VundoFix and ran it twice on my system... once after I had asked ewido to clean it in it's alarm dialog and once after rebooting before ewido did anything. VundoFix found nothing (see .txt below) The ewido alarm comes up consistently twice after I reboot... after I ask it to clean it immediately reappears and I ask it to do it again then it remains gone. Here is what the alarm dialog says:

file: nd_gfx9.dll
path: c:\WINDOWS\System32
virus: Trojan.Agent.cs

Thanks again for trying!!!


VundoFix V4.0

Listing files found while scanning....


VundoFix V4.0

Listing files found while scanning....

Can you try this one instead please. This one is a little stubborn.

Download VirtumundoBeGone by secured2k

  1. Save the file to your desktop

  2. Close all running programs (including your Internet Browser)
  3. Double-click VirtumundoBeGone.exe on the desktop
  4. Read the introductory information, and then click Continue
  5. Click Start
  6. When asked if you want to continue, click Yes to run the fix
  7. Click "Save Log"

==

Post another hijackthis log also.

Ugghh!! Same thing with VirtumundoBeGone. Nothing found... (see below), but sure enough Ewido keeps giving me the alarm. I am also curious why Ewido thinks it keeps removing it, yet it comes back??? Even in the Ewido log file (see below) it says it is successful.... Strange...

[01/26/2006, 16:57:12] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Mom\Desktop\VirtumundoBeGone.exe" )
[01/26/2006, 16:57:21] - Detected System Information:
[01/26/2006, 16:57:21] -  Windows Version: 5.1.2600,
[01/26/2006, 16:57:21] -  Current Username: Mom (Admin)
[01/26/2006, 16:57:21] -  Windows is in NORMAL mode.
[01/26/2006, 16:57:21] - Searching for Browser Helper Objects:
[01/26/2006, 16:57:21] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/26/2006, 16:57:21] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/26/2006, 16:57:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2006, 16:57:21] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/26/2006, 16:57:22] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/26/2006, 16:57:22] -  BHO 3: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[01/26/2006, 16:57:22] -  BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/26/2006, 16:57:22] -  BHO 5: {F85E86D8-F796-4C97-AAA2-26664A98A42C} (CIEPl Object)
[01/26/2006, 16:57:22] - Finished Searching Browser Helper Objects
[01/26/2006, 16:57:22] - Finishing up...
[01/26/2006, 16:57:22] - Nothing found! Exiting...



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           5:44:10 PM, 1/26/2006
+ Report-Checksum:      8719E2D3


+ Scan result:


C:\WINDOWS\system32\nd_gfx9.dll -> Trojan.Agent.cs : Cleaned without backup



::Report End

Check in add/remove programs for smiley district optimizer and uninstall it if there.
Post another hijackthis log please.

Wow! That was the ticket... I have no idea what smiley district optimizer is, but I'm glad to be rid of it! Here is my HiJackThis log with nd_gfx9.dll gone. I think the next thing I am to do is to load all the Window updates up to service pack 1. (I'm not sure why I'm not updating to service pack 2, but you haven't led me astray yet so I trust you!) Well, I owe you some big, expensive gift so let me know... Also if I need to do anything else to prevent these nasties from invading my system, please advise! You're awesome crunchie...


Logfile of HijackThis v1.99.1
Scan saved at 1:30:11 PM, on 1/27/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe


C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\DOCUME~1\Mom\Cookies\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Calendarscope\cs.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\nd_gfx9.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\DOCUME~1\Mom\Cookies\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O4 - Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137737681637
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Scan with HiJackThis, then check(tick) the following, if present:


O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\nd_gfx9.dll (file missing)

O4 - Startup: Free WebSite Tools.lnk = ?


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

==

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.

Install and keep updated, Ewido anti-malware, Ad-Aware SE and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.

Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.

Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig. Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.