#1 (permalink) |
I helped the forums.
Join Date: Aug 2005
Posts: 4
OS: Win 2000
Hi
I've identified this virus and need help to get rid of it. Symantec Real Time Scan posted an alert to this in a file C:\WINNT\Sytem32\rdriv.sys. The Symantec site says that this is a consequence of W32.Spybot.NLX but the virus checker does not show this on my system. rdiv.sys cannot be deleted. Since the infection, my system is uploading large volumes of data to the internet. I have a broadband connection. I have followed the steps outlined in responses to other posts on this subject.

* Run Ad-Aware scan and removed all spyware.
* Ran the Trend Micro online scan. This identified a hacktool at the rdriv.sys address.
* Ran the HijackThis analyzer on the HijackThis log (attached)

I have noticed that killing the winer.exe process (via Task manager) reduces the volume of outgoing data, but am not sure whether winer.exe is a valid file or part of the problem. I appreciate the existence of this site and hope someone can help me remove the virus.

    ====================================================================
    Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
    Get updates at http://www.greyknight17.com/download.htm#programs

    ***Security Programs Detected***

    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Logfile of HijackThis v1.99.1
    Scan saved at 9:28:16 PM, on 09-Aug-05
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
    C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINNT\system32\mataswk.exe
    C:\WINNT\system32\winer.exe
    C:\WINNT\system32\wininitt32.exe
    C:\Program Files\Bloglines Notifier\Notifier.exe
    C:\Program Files\Fujitsu\Fujitsu Quick Touch\AUVCore.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\WINNT\sdktemp.exe

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar1.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O3 - Toolbar: Vivisimo - {5538fb62-f725-4433-a965-91314e8d8e4d} - C:\Program Files\Vivisimo\Toolbar\toolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar1.dll
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [FTMSFLT] C:\Program Files\FIDMOU\WIN2K\FTMSFLT.exe
    O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Registry 64patch] mataswk.exe
    O4 - HKLM\..\Run: [wingr64] winer.exe
    O4 - HKLM\..\Run: [Microsoft Update 32] wininitt32.exe
    O4 - HKLM\..\RunServices: [Windows Registry 64patch] mataswk.exe
    O4 - HKLM\..\RunServices: [wingr64] winer.exe
    O4 - HKLM\..\RunServices: [Microsoft Update 32] wininitt32.exe
    O4 - HKCU\..\Run: [Infuzer] C:\Program Files\Infuzer\Infuzer.exe
    O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
    O4 - HKCU\..\Run: [BloglinesNotifier] C:\Program Files\Bloglines Notifier\Notifier.exe
    O4 - HKCU\..\Run: [Windows Registry 64patch] mataswk.exe
    O4 - HKCU\..\Run: [wingr64] winer.exe
    O4 - HKCU\..\RunServices: [wingr64] winer.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Fujitsu Quick Touch.lnk = C:\Program Files\Fujitsu\Fujitsu Quick Touch\AUVCore.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Vivisimo Meta-Search - res://C:\Program Files\Vivisimo\Toolbar\toolbar2.dll/SEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://c:\winnt\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\winnt\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\winnt\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: sdktemp - Unknown owner - C:\WINNT\sdktemp.exe

    End of KRC HijackThis Analyzer Log.
    ============================================
#2 (permalink) |
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,605
OS: 2000 Pro; XP Pro; XP Home
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.
Go to My Computer->Tools->Folder Options->View tab and make sure that 'Show hidden files and folders' is checked under the 'Hidden Files and Folders' section. Also make sure there is no checkmark beside 'Hide file extensions for known file types' or 'Hide protected operating system files'. For the options that you checked/enabled earlier, you may uncheck them after your log is clean.

If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Please download the following programs, but do not run them yet:

* rdrivRem.zip - http://www.geekstogo.com/forum/index...e=post&id=1778
  * Unzip it to your desktop.
* Ewido Security Suite - http://www.ewido.net/en/download/
  * Install Ewido Security Suite.
  * Launch Ewido. There should be a big E icon on your desktop. Double click on it.
  * The program will prompt you to update. Click the OK button.
  * The program will now go to the main screen.
  * You will need to update Ewido to the latest definition files.
  * On the left hand side of the main screen click update.
  * Click on Start.
  * The update will start and a progress bar will show the updates being installed.
  * After the updates are installed exit Ewido.
* CleanUp! - http://www.greyknight17.com/spy/CleanUp.exe
  * Install it.
* Killbox by Option^Explicit - http://www.greyknight17.com/spy/KillBox.exe
  * Save it to your desktop.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

1.) Please double click rdrivRem.bat to run the program - follow the instructions on the screen. After it's complete, rdriv.txt will be created in the rdrivRem folder.

2.) Double click the Ewido Security Suite icon to run the program.

* Click on scanner.
* Click Complete System Scan.
* Let the program scan the machine. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose 'Remove', then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK. Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
* Click Save report.
* Save the report to your desktop.
* Exit Ewido.

3.) CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

4.) After CleanUp! is finished, run HijackThis. Place a check next to the following items, if found, and click FIX CHECKED (after you checked the last entry below):

    O4 - HKLM\..\Run: [FTMSFLT] C:\Program Files\FIDMOU\WIN2K\FTMSFLT.exe <<<<<if you don't recognize this, fix it!
    O4 - HKLM\..\Run: [Windows Registry 64patch] mataswk.exe
    O4 - HKLM\..\Run: [wingr64] winer.exe
    O4 - HKLM\..\Run: [Microsoft Update 32] wininitt32.exe
    O4 - HKLM\..\RunServices: [Windows Registry 64patch] mataswk.exe
    O4 - HKLM\..\RunServices: [wingr64] winer.exe
    O4 - HKLM\..\RunServices: [Microsoft Update 32] wininitt32.exe
    O4 - HKCU\..\Run: [Windows Registry 64patch] mataswk.exe
    O4 - HKCU\..\Run: [wingr64] winer.exe
    O4 - HKCU\..\RunServices: [wingr64] winer.exe
    O23 - Service: sdktemp - Unknown owner - C:\WINNT\sdktemp.exe

Close HijackThis.

5.) Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

    C:\Program Files\FIDMOU
    C:\WINNT\system32\mataswk.exe
    C:\WINNT\system32\winer.exe
    C:\WINNT\system32\wininitt32.exe
    C:\WINNT\sdktemp.exe

If your computer does not restart automatically, please restart it manually. After computer has restarted continue with the rest of the instructions:

6.) Make sure your firewall is on. Make sure you can turn it off then turn it back on and that nothing is greyed out. It appears as though you don't have a firewall. A good firewall will prevent all that outbound activity. You can get a good free one from ZoneAlarm or Kerio or Sygate. Also, make sure your anti-virus program is working properly - you can turn on and off auto-protect, etc.

7.) Run BOTH of these online virus scans (NOT at the same time!):

* ActiveScan - http://www.pandasoftware.com/activescan/
* TrendMicro's Housecall (http://uk.trendmicro-europe.com/ente...all_launch.php) - check 'Auto Clean'

Save the results from Panda ActiveScan.

I need you to post the contents of rdriv.txt, the log from Ewido, the log from ActiveScan, and a new HijackThis log into this topic.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
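
Added example, not part of the original thread and not how HijackThis or the analyst works: a Python triage pass over HijackThis lines like those in post #1. It applies two heuristics that match most of the entries fixed above, O4 autorun values naming a bare executable with no path and O23 services listed as 'Unknown owner'; the sample lines are copied from that log, and the function and type names are this example's own. Flagged entries still need an analyst's judgement, and an entry registered with a full path (FTMSFLT above) is not caught.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample: a subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Registry 64patch] mataswk.exe
O4 - HKLM\..\Run: [wingr64] winer.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininitt32.exe
O4 - HKLM\..\RunServices: [wingr64] winer.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [wingr64] winer.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: sdktemp - Unknown owner - C:\WINNT\sdktemp.exe
"""

# O4 registry autoruns: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O23 services: "O23 - Service: name - owner - path"
O23_RE = re.compile(
    r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


class Finding(NamedTuple):
    kind: str     # "bare-autorun" or "unknown-owner-service"
    target: str   # executable name or service binary path
    where: tuple  # registry keys that launch it, or the service name


def first_token(cmd: str) -> str:
    """Return the program part of a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        parts = cmd.split('"')
        return parts[1] if len(parts) > 1 else ""
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(log_text: str) -> list:
    """Flag entries worth a closer look; a heuristic, not a verdict."""
    bare = defaultdict(list)  # bare exe name -> autorun keys referencing it
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = first_token(m.group("cmd"))
            # No directory component: the name is resolved through the search
            # path, so the log alone does not say which file actually runs.
            if exe and "\\" not in exe and "/" not in exe:
                bare[exe.lower()].append(m.group("key"))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").strip().lower() == "unknown owner":
            findings.append(
                Finding("unknown-owner-service", m.group("path"), (m.group("svc"),))
            )
    # The same bare name under several Run/RunServices keys is a stronger
    # signal, so every key is reported alongside the name.
    for exe, keys in sorted(bare.items()):
        findings.append(Finding("bare-autorun", exe, tuple(keys)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.target:24} {', '.join(f.where)}")
```
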
#3 (permalink) |
I helped the forums.
Join Date: Aug 2005
Posts: 4
OS: Win 2000
Tetonbob,
Thanks for your prompt and personalised advice... I think we're all fixed (although the ActiveScan text does show some potential issues). The Trojan.cachecachekit and rdriv.sys is gone. Here's the stuff you requested.

1. The rdriv.txt

    ~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~
    rdriv.sys PRESENT!
    ItunesMusic.exe NOT PRESENT!
    wkssvc.exe NOT PRESENT!
    ~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~
    rdriv.sys NOT PRESENT!
    ItunesMusic.exe NOT PRESENT!
    wkssvc.exe NOT PRESENT!...

2. The ewido log (it caught the 'wininitt32.exe' )

    --------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------
    + Created on: 9:46:58 AM, 10-Aug-05
    + Report-Checksum: 9DD0F597
    + Scan result:
    HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
    HKU\S-1-5-21-1715567821-1606980848-1957994488-500\Software\ComSoft -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1715567821-1606980848-1957994488-500\Software\ComSoft\NikNak -> Dialer.Generic : Cleaned with backup
Spyware.Cookie.Advertising : Cleaned with backup :mozilla.267:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.268:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.269:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.270:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.271:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.272:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.273:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.274:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.275:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.276:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.278:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup 
:mozilla.279:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.280:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.281:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.282:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.283:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.284:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.285:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.286:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.287:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.288:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.289:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.290:C:\Documents and 
Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.291:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.292:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.293:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.294:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.295:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.296:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.297:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.298:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.299:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.300:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.308:C:\Documents and Settings\Administrator\Application 
Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup :mozilla.309:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.319:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.321:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.322:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.328:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.329:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.330:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.331:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.332:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.334:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.335:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> 
Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.351:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.352:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.380:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.381:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.383:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.391:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.393:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.394:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.395:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.396:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.397:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i0lwr9pt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\WINNT\system32\wininitt32.exe -> 
Heuristic.Win32.Morphine-Crypted : Cleaned with backup
::Report End

The ActiveScan log...
Incident Status Location
Adware:adware/twain-tech No disinfected C:\WINNT\smdat32a.sys
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\FAVORITES\Technology
Spyware:spyware/altnet No disinfected Windows Registry
Possible Virus. No disinfected C:\Program Files\DealBook FX 2\Update\DCopy.exe

The Trend Micro scan (run after Panda) was completely clean.

and finally the new HijackThis result text...

I did check back on the Symantec logs - the Trojan.cachecachekit came in in the middle of the night (not while surfing) about 2 hours after Backdoor.Bifrose came in. This (Backdoor.Bifrose) did not subsequently show on any scans but may have been a factor in the infection ? Also you were correct in seeing that I didn't have a firewall (I previously had TPF but neglected to reinstall after a disk crash some time ago). An unintended consequence of all this is that I now have a new firewall, a cleaner system, and a much better appreciation of keeping things tidy!

Thanks again and let me know if there is anything else I need to do..
regards
Wilbee
#4 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,605
OS: 2000 Pro; XP Pro; XP Home
|
Well done, almost there.....next:
Download CWShredder at http://www.greyknight17.com/spy/CWShredder.exe and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Reboot into safe mode.

Delete
C:\WINNT\smdat32a.sys <<< that file
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\FAVORITES\Technology <<< that folder

Is DealBook FX 2 a program familiar to you? If not, please do this:

I can't find enough information for this file -> C:\Program Files\DealBook FX 2\Update\DCopy.exe
Right click on that file and go to Properties. Then go to the Version tab and see what information you can get from there (Company, Description, etc.) and post it here.

Reboot into normal mode and run Panda ActiveScan again, and post that new log here, along with a new HJT log.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#5 (permalink) |
|
I helped the forums.
Join Date: Aug 2005
Posts: 4
OS: Win 2000
|
Trojan.cachecachekit cleanup
Here's what I've done...
Ran CWS shredder which removed 1 file, CWSLook2Me.

I deleted the 'Technology' folder in Favorites.

I deleted the smdat32a.sys file and noticed the smdat32m.sys next to it but did not delete it. don't know if it was there yesterday - if it means anything it has a last modified date of Jul 04.

I had downloaded the Dealbook software from GFTforex.com. It hasn't been used in the last 6 months. None of their software is labelled in the 'properties' section.

Panda Active Scan
Incident Status Location
Adware:adware/twain-tech No disinfected C:\WINNT\smdat32m.sys
Spyware:spyware/altnet No disinfected Windows Registry
Possible Virus. No disinfected C:\Program Files\DealBook FX 2\Update\DCopy.exe

HJT log

Thanks for your continuing support - regards,
Wilbee
#6 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,605
OS: 2000 Pro; XP Pro; XP Home
|
Hi Wilbee -
Good job, we're almost done here....Panda has identified C:\WINNT\smdat32m.sys as adware, which isn't surprising.....so let's reboot into safe mode again and delete it. If it gives you any problems in deletion, use Killbox with the settings from earlier in the fix.

Since you know about Dealbook, we can leave it, or you can uninstall it while in safe mode from Add/Remove Programs in your Control panel, and delete the folder C:\Program Files\DealBook FX 2.

How is the condition of your system now? Your HJT log is clean. If there are no more issues, let's have you do the following:

Reset hidden/system files and folders
Create a new System Restore point
Enable Windows Auto Update
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
If you do not have a firewall, here are 3 free ones available for personal use:

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Please respond to this thread one more time so we can mark this thread as resolved.
#7 (permalink) |
|
I helped the forums.
Join Date: Aug 2005
Posts: 4
OS: Win 2000
|
tetonbob
Thanks for your expert guidance and persistence - I've cleaned up the last files and installed the additional anti-spyware software so I feel confident I've got a much safer and tighter system.
Many thanks
Wilbee