SpyAxe Making Me Crazy Please help with this HJT Log
phuschnickens
Beverly Hills, Michigan Member
Hi, SpyAxe is making me crazy... I would greatly appreciate it if a power greater than myself could help me with this problem. I realize that with my current knowledge I may be incapable of fixing the problem on my own, but I realize with the help of another person, I may be able to accomplish the task of cleaning this computer. Anybody's input would be greatly appreciated and I will happily follow your suggestions. Thank you for your attention.
I've run AdAware, Spybot, Ewido, PandaScan, HJT, CWShredder, SpyAxeFix, and SmitRem. I followed directions what I thought was carefully, but i'm still having problems, so I will start over. Here is my HJT log. Please help. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 3:48:39 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\AntiSpyware by Pete\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
I've run AdAware, Spybot, Ewido, PandaScan, HJT, CWShredder, SpyAxeFix, and SmitRem. I followed directions what I thought was carefully, but i'm still having problems, so I will start over. Here is my HJT log. Please help. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 3:48:39 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\AntiSpyware by Pete\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
Comments
ewido security suite - Scan report
+ Created on: 3:04:30 PM, 11/29/2005
+ Report-Checksum: 1BC4F149
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.818:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.819:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.820:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.821:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.822:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.824:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.825:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.826:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.827:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.828:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.829:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.830:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.831:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.841:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.842:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.843:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.846:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.863:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.864:C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\w97sox9k.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ads.euniverseads[2].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ads18.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@e-2dj6wjnyeldzwfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@images.trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temp\Cookies\heather@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\4VEJU5EH\gdnUS2218[1].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\BRPBBTCO\thnall1l[1].exe -> Adware.BetterInternet : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\wzh8xqj1.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ads.180solutions[2].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@counter.hitslink[1].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@e-2dj6wjkyemc5shp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@e-2dj6wjmiupc5khp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@e-2dj6wjnygpdjmkp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ehg-bestbuy.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ehg-consumerenergyco.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ehg-elisabeth.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ehg-kohls.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ehg-mh.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@ehg-traderpublishing.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@euniverseads[2].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@gateway.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@jcrew.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@pro-market[1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@sel.as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@valueclick[3].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Maureen\Cookies\maureen@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Maureen\Local Settings\Temp\localNrd.cab/localNRD.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Maureen\Local Settings\Temp\localNrd.cab/preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Maureen\Local Settings\Temp\localNrd.cab/polall1l.exe -> TrojanDownloader.Agent.ae : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xm60ovlx.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@gateway.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Melissa\Cookies\melissa@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-2631068077-3231677816-2854572942-1006\Dc104\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\S-1-5-21-2631068077-3231677816-2854572942-500\Dc1.exe -> TrojanDownloader.Zlob.bo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\in10b6s.dll -> TrojanDropper.Small.abd : Cleaned with backup
C:\WINDOWS\system32\in9bDs.dll -> TrojanDropper.Small.abd : Cleaned with backup
::Report End
smitRem © log file
version 2.7
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 11/29/2005
The current time is: 14:03:45.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Online Security Center.url
~~~ Favorites ~~~
~~~ system32 folder ~~~
msvol.tlb
ld****.tmp
ncompat.tlb
mscornet.exe
logfiles
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
SpyAxeFix © by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 11/29/2005
The current time is: 15:17:42.64
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1524 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
Incident Status Location
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Heather\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Heather\Local Settings\Temp\conscorr.ini
Adware:Adware/LocalNRD Not disinfected C:\Documents and Settings\Heather\Local Settings\Temp\localNrd.cab[localNrd.inf]
Adware:Adware/LocalNRD Not disinfected C:\Documents and Settings\Heather\Local Settings\Temp\localNrd.inf
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Heather\Local Settings\Temp\satmat.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Heather\Local Settings\Temp\satmat.ini
Adware:Adware/Exact.BargainBuddyNot disinfected C:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\PZ0XPUDN\webservice[1].htm
Adware:Adware/Exact.BargainBuddyNot disinfected C:\Documents and Settings\Heather\Local Settings\Temp\Temporary Internet Files\Content.IE5\QRST30E6\webservice[1].htm
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\O5Y785AR\sec1-adls[1].htm
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Maureen\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Maureen\Local Settings\Temp\conscorr.ini
Adware:Adware/LocalNRD Not disinfected C:\Documents and Settings\Maureen\Local Settings\Temp\localNrd.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Melissa\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Melissa\Local Settings\Temp\conscorr.ini
Spyware:Spyware/RXToolbar Not disinfected C:\RECYCLER\S-1-5-21-2631068077-3231677816-2854572942-1006\Dc108\RXToolBar.dll
Adware:Adware/SpyAxe Not disinfected C:\RECYCLER\S-1-5-21-2631068077-3231677816-2854572942-1006\Dc191.dll
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:adware/portalscan Not disinfected C:\WINDOWS\bundles\58kd52fg.exe
Adware:Adware/NetPals Not disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Adware:Adware/IPInsight Not disinfected C:\WINDOWS\inf\conscorr.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\satmat.inf
Adware:Adware/IPInsight Not disinfected C:\WINDOWS\satmat.ini
Adware:adware/twain-tech Not disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/favoriteman Not disinfected C:\WINDOWS\system32\im64.dll
Virus:Trj/Deldir.A Not disinfected C:\WINDOWS\system32\oobe\emachines\Preinstall.cmd
Spyware:Spyware/RXToolbar Not disinfected C:\WINDOWS\system32\RXBarsetupV2.dll
Spyware:Spyware/RXToolbar Not disinfected C:\WINDOWS\system32\RXToolbar.exe
I believe that SpyAxe helped quite a bit, and then manually deleting the files that appeared in the logs of SmitRem, PandaScan, and EWIDO. Any of the files that resisted arrest could be deleted using KILLBOX and selecting the option to delete upon reboot. I also manually searched for files that were commonly associated with SPYAXE. I found theis list using google, but I was careless and now only have an incomplete list (i think it's incomplete). These files can be found in windows\system32: svchosts.dll (NOT SVCHOST.EXE), mssearchnet.exe, nvctrl.exe, msvol, ncompat, and hp*.tmp (* represents a wildcard that is generall 4 numeric digits). Then I went through a series of rebooting into safe mode, scanning, delete files, empty recycle bin, reboot into regular mode, scan, delete files, empty recycle bin, reboot into safe mode, scan, delete files, empty recycle bin, etc., until it was all cleaned up. Thanks for your time. Hopefully this madness will help someone else in need.
-Pete