Technology help! spyware infestation. browser hijacked!

[Casey]

Hey guys, I need some help. My browser has been hijacked after an infestation of spyware caused by a dodgy crack. It's really fucked up my shit - browser opens randomly, random adverts on my deskotp too, random shortcuts on my desktop "online dating" etc, and all that shit.

Now, using Spyware Doctor, Spybot Search & Destory and AVG Virus Scan I've managed to eliminiate most of them, as well as using CCleaner to get rid of shit that it set to run on startup. But I'm still getting random tabs opened in Firefox with shitty advertising.

I was wondering if there was anything else I could to to get rid of them once and for all.

Here's a HiJack this log if it would help:

ogfile of HijackThis v1.99.1
Scan saved at 2:25:32 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\Documents and Settings\King Simon\Desktop\Simon's stuff\programs\setup files\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\ktpol7731.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

thanks in advance.

 

[Illuminattile]

Remove the following:

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\ktpol7731.dll

Download ewido from the Knowledge Base and run that too.

 

[Casey]

Hi Illuminattile, I ran ewido, found 216 infected files and got the following report :

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:12:32 PM, 12/13/2005
+ Report-Checksum: CBEF8161

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{28F00B0F-DC4E-11d3-ABEC-005004A44EEB} -> Spyware.BroadCastPC : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5CA9D47F-4BBC-45E0-815F-670AE736A678} -> Spyware.HiWire : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{80F1B906-D066-11D3-AD70-009027B8ADBC} -> Spyware.HiWire : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BCDDAB74-C3A8-11D3-AD69-009027B8ADBC} -> Spyware.HiWire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer -> Spyware.Look2Me : Cleaned with backup
[500] C:\WINDOWS\system32\wxnetmgr.dll -> Spyware.Look2Me : Error during cleaning
[3584] C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\__delete_on_reboot__xpqq.exe -> Downloader.Qoologic.at : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Benn\Application Data\Mozilla\Firefox\Profiles\ib41u6zo.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.33:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.45:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.68:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.73:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.112:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.115:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.119:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.121:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.150:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.151:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.152:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.153:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.240:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.252:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies-1.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.8:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\King Simon\Application Data\Mozilla\Firefox\Profiles\1gdmclgo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\yna0mrmr.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\A.TMP.VIR -> Worm.VB.an : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\A0014080.EXE.VIR -> Worm.VB.an : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\PXWMA.DLL.VIR -> Spyware.Webdir : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\WINUPDATES.EXE.VIR -> Worm.VB.an : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\winupdates.VIR -> Worm.VB.an : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\wyoorc.VIR -> Downloader.Qoologic.at : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\xpqq.VIR -> Downloader.Qoologic.at : Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
C:\WINDOWS\system32\fkbbddk.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\krdmac.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\msmsg.007 -> Not-A-Virus.Monitor.Ardamax.a : Cleaned with backup
C:\WINDOWS\system32\msmsg.exe -> Not-A-Virus.Monitor.Ardamax.23 : Cleaned with backup
C:\WINDOWS\system32\p4p6le7s1h.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pqyyb.dat -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\system32\wyoorc.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__equupnq.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__fgkkr.dll -> Downloader.Small : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp -> Spyware.Look2Me : Cleaned with backup


::Report End

I then ran a fresh Hijack This! and got this log:

Logfile of HijackThis v1.99.1
Scan saved at 7:13:53 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\King Simon\Desktop\Simon's stuff\programs\setup

files\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

local.,
F2 - REG:system.ini: Shell=explorer.exe

"C:\Program Files\Common Files\Microsoft

Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN

Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband

Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\ktpol7731.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM

FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program

Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program

Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program

Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program

Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program

Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program

Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

it's definately happening less, but it is still happening. what should i do now? I just fixed those things in HiJack this as well, i'll run ewido again and see what happens.

 

[PELLA]

i remember i had the same exact problem. I called tech support, they did some safe mode thing with me and e verything . Took 5 min and my system was super clean. Ran faster and everything.

 

[Illuminattile]

Move HJT into its own folder @ C:\Hijackthis.

Download Killbox from the Knowledge Base

Download CWShredder from the Knowledge Base

Boot into Safe Mode

Run AVG

Run ewido

Run SpyBot

Run CWShredder

Run HJT and remove the entries I posted before

Run Killbox and copy-and-paste the file paths, one by one, and hit the Delete button

 

[Casey]

/\ Thanks man, but I seem to have got rid of it all. I booted into safe mode, ran AVG, Spybot, Spyware Doctor, and Ewido. now the problem has gone! I've downloaded Killbox and Cwshredder for potential future reference though. Thanks again homie.