Old 10-06-2007, 10:41 PM   #1 (permalink)
popdog
Registered User
 
Join Date: Oct 2007
Location: Australia
Posts: 27
OS: Windows XP Pro 2002, Service Pack 2


Spyware Infection

Hi,

After my computer's been increasingly slow and crashing lately, I've followed the 5 recommended steps, and have lots of Spyware on my computer. I can't really tell you much about the infection since I don't know what I'm looking for, but the logs (DSS, Panda ActiveScan) are here. Hopefully this is enough information. How do I remove the spyware?

Also, I use Mozilla Firefox, and didn't install IE-Spyad because I assume it's for Internet Explorer. Is there an equivalent for Mozilla?

Okay, Logs:


Deckard's System Scanner v20070905.67
Run by Administrator on 2007-10-07 14:05:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x0000013D


-- Last 5 Restore Point(s) --
63: 2007-10-06 03:50:04 UTC - RP289 - Restore Operation
62: 2007-10-06 03:36:51 UTC - RP288 - Restore Operation
61: 2007-10-06 03:35:04 UTC - RP287 - Restore Operation
60: 2007-10-06 03:33:14 UTC - RP286 - Restore Operation
59: 2007-10-06 03:31:11 UTC - RP285 - Restore Operation


-- First Restore Point --
1: 2007-07-14 00:28:41 UTC - RP227 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:07:34 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...google.com.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/udmooflt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178068070625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 si3112r (Silicon Image SiI 3112 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc; SATARaid>
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Windows Accelerator>
R0 SiWinAcc - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Windows Accelerator>
R1 smtpdrv - c:\windows\system32\drivers\smtpdrv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
S3 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe <Not Verified; Magix AG; UPnPService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-07 12:39:39 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-09-07 and 2007-10-07 -----------------------------

2007-10-07 13:54:40 0 d-------- C:\Program Files\SpywareBlaster
2007-10-07 12:40:12 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-07 12:40:10 0 d-------- C:\WINDOWS\LastGood
2007-10-06 12:03:51 0 d-------- C:\WINDOWS\CSC
2007-10-02 20:52:16 0 d-------- C:\Program Files\Windows Defender
2007-10-01 12:58:38 0 d-------- C:\Documents and Settings\Administrator\.GalleryRemote
2007-09-13 22:58:34 0 dr-h----- C:\Documents and Settings\Administrator\Recent


-- Find3M Report ---------------------------------------------------------------

2007-10-07 13:56:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-10-07 13:24:28 0 d-------- C:\Program Files\QuickTime
2007-10-07 13:19:19 0 d-------- C:\Program Files\Google
2007-10-06 13:49:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-10-03 20:01:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\foobar2000
2007-10-03 11:37:48 0 d-------- C:\Program Files\MagicDVDRipper
2007-10-03 11:37:09 0 d-------- C:\Program Files\Bookup
2007-10-01 18:08:42 0 d-------- C:\Program Files\Lotus
2007-10-01 18:08:42 0 d-------- C:\Program Files\Logitech
2007-10-01 18:08:42 0 d-------- C:\Program Files\Java
2007-10-01 18:08:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-01 18:08:42 0 d-------- C:\Program Files\foobar2000
2007-10-01 18:08:42 0 d-------- C:\Program Files\DivX
2007-10-01 18:08:42 0 d-------- C:\Program Files\Desktop Messenger
2007-10-01 18:08:42 0 d-------- C:\Program Files\CyberLink
2007-10-01 18:08:42 0 d-------- C:\Program Files\Connected Software
2007-10-01 18:08:42 0 d-------- C:\Program Files\Common Files
2007-10-01 18:08:42 16 --ah----- C:\Program Files\Common Files\mxfilerelatedcache.mxc2 <MXFILE~1.MXC>
2007-10-01 18:08:42 0 d-------- C:\Program Files\Canon
2007-10-01 18:08:42 0 d-------- C:\Program Files\ATI Technologies
2007-10-01 18:08:39 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-01 18:08:39 0 d-------- C:\Program Files\Windows NT
2007-10-01 18:08:39 0 d-------- C:\Program Files\VideoLAN
2007-10-01 18:08:39 0 d-------- C:\Program Files\uTorrent
2007-10-01 18:08:39 0 d-------- C:\Program Files\Skype
2007-10-01 18:08:39 0 d-------- C:\Program Files\SimpleCenter
2007-10-01 18:08:39 0 d-------- C:\Program Files\Silicon Image
2007-10-01 18:08:39 0 d-------- C:\Program Files\Real
2007-10-01 18:08:39 0 d-------- C:\Program Files\Online Services
2007-10-01 18:08:39 0 d-------- C:\Program Files\NCH Swift Sound
2007-10-01 18:08:39 0 d-------- C:\Program Files\MusicMatch
2007-10-01 18:08:39 0 d-------- C:\Program Files\MSXML 4.0
2007-10-01 18:08:39 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-01 18:08:39 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-10-01 18:08:39 0 d-------- C:\Program Files\Movie Maker
2007-10-01 18:08:39 0 d-------- C:\Program Files\microsoft frontpage
2007-10-01 18:08:39 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-01 18:08:39 0 d-------- C:\Program Files\Messenger
2007-09-12 15:39:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2007-09-09 20:55:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-09-01 21:44:42 0 d-------- C:\Program Files\Common Files\MainConcept
2007-09-01 21:43:23 0 d-------- C:\Program Files\Common Files\i4j_jres
2007-09-01 20:34:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-07-08 21:24:53 16 --ah----- C:\Documents and Settings\Administrator\Application Data\mxfilerelatedcache.mxc2 <MXFILE~1.MXC>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/09/2003 09:10 PM]
"nForce Tray Options"="sstray.exe" [17/06/2003 07:18 PM C:\WINDOWS\system32\sstray.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [16/02/2007 10:54 AM]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [16/12/2004 07:55 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [20/12/2001 01:59 AM]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [22/09/2007 05:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00 AM]
"AGRSMMSG"="AGRSMMSG.exe" [29/06/2004 09:06 AM C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06 AM]
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [07/11/2001 11:36 AM]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [30/01/2007 09:30 AM]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [20/12/2001 09:42 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [11/05/2007 01:20 PM]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [22/09/2007 05:45 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/04/2007 08:24 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/udmooflt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe [22/09/2007 5:45:42 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 1:01:04 AM]
SATARaid.lnk - C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe [26/03/2007 4:36:11 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-10-07 14:08:03 ------------








And here is the Panda ActiveScan:



Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.overture.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.ad.sensismediasmart.com.au/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.pacificpoker.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.tickle.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.com.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.xiti.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udmooflt.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@go[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
Virus:Generic Trojan Disinfected C:\WINDOWS\system32\drivers\ip6fw.sys
Virus:Trj/Spammer.ADX Disinfected C:\WINDOWS\system32\drivers\smtpdrv.sys



Finally, I managed to catch my comp. at a good time, and I may not be able to get this much information again. I can try to get whatever else is needed though.

Any help is much appreciated. Thank you.
Attached Files
File Type: txt extra.txt (13.8 KB, 1 views)