I need some help please - Log files posted

sammyfry · 08-18-2005, 10:02 AM

Ad-aware found this:

MALWARE.PSGUARD
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[6]=Process : C:\WINNT\system32\intell32.exe
obj[7]=Regkey : clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}
obj[8]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "intell32.exe"
obj[11]=Regkey : software\shudderltd
obj[12]=RegValue : software\microsoft\internet explorer\desktop\general "Wallpaper"
obj[13]=RegValue : software\microsoft\internet explorer\main "Display Inline Images"
obj[14]=Folder : C:\Program Files\PSGuard
obj[15]=Folder : C:\Program Files\psguard\Quarantine
obj[16]=File : c:\winnt\system32\intell32.exe
obj[17]=File : C:\DOCUME~1\ddzio\LOCALS~1\Temp\PSGuardInstall.exe

Some symptoms:

I get the flashing grey and white desktop.

I get psguard installed eventhough I uninstalled it. ( I think this is red exclamation in my taskbar)

Pop-ups

Housecall says:

No threats detected.

HIGHJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 12:03:14 PM, on 8/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Extensis\Suitcase\Suitcase.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\intell32.exe
C:\WINNT\explorer.exe
C:\HJT\HijackThis-1.exe

O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Suitcase Startup.lnk = D:\Program Files\Extensis\Suitcase\Suitcase.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup156.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = temel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = temel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = temel.com
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

ANALYZED LOG:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:03:14 PM, on 8/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Program Files\Extensis\Suitcase\Suitcase.exe
C:\WINNT\system32\intell32.exe
C:\HJT\HijackThis-1.exe

O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - Global Startup: AcroTray.exe
O4 - Global Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Suitcase Startup.lnk = D:\Program Files\Extensis\Suitcase\Suitcase.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup156.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = temel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = temel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = temel.com
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

End of KRC HijackThis Analyzer Log.
====================================================================

sammyfry · 08-18-2005, 10:04 AM

Thanks in advance for any help.

sammyfry · 08-18-2005, 02:26 PM

just bumping myself so I don't go to the second page.

Thanks.

MicroBell · 08-19-2005, 01:02 AM

Hi and Welcome to TSF

Please do NOT bump your thread unless no one has replyed in 24 hrs. We will overlook it every time!

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Download Hoster http://www.greyknight17.com/spy/Hoster.exe

Download and install CleanUp! but do not run it yet.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download smitRem.exe and save the file to your desktop.
Double click on the file and it will extract it’s files into it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
[X]Scan local drives for temporary files (Please uncheck this option)
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted

Next, please reboot your computer in SafeMode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Now scan with HJT and place a checkmark next to each of the following items:

O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe

Then click fix.

Run the Hoster program and select "Restore Orginal Hosts File"

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:

Click [Scanner]
Click [Complete System Scan] to begin scanning.
Click [OK] when prompted to clean files
With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
Once finished, click the [Save report] button
Save the report to your desktop

Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Save the scan log and post it along with a new HijackThis Log the Ewido Log and the smitfiles.txt log.

So I Need...

Ewido log
Panda log
Hijackthis log
smitfiles.txt log

sammyfry · 08-22-2005, 08:09 AM

When I run clean-up, do I just back-up important files in my "temp" folder? Is it a good possibility that there are files I may not recognize that I may need? What other folders will it delete items in?

Does windows 2000 have a restore setting?

Thanks.

sammyfry · 08-22-2005, 02:13 PM

I can't install panda:

An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try againPossible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...

Here's my log files for the rest of the steps:

Logfile of HijackThis v1.99.1
Scan saved at 4:16:24 PM, on 8/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Extensis\Suitcase\Suitcase.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ddzio\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Suitcase Startup.lnk = D:\Program Files\Extensis\Suitcase\Suitcase.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup156.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = temel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = temel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = temel.com
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:02:32 PM, 8/22/2005
+ Report-Checksum: 90CA0D6E

+ Scan result:

[392] C:\WINNT\system32\OLEEXT.dll -> TrojanDownloader.Agent.ns : Cleaned with backup
[236] C:\WINNT\system32\OLEEXT.dll -> TrojanDownloader.Agent.ns : Error during cleaning
:mozilla.6:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.7:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.10:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.13:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.14:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.15:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.16:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.17:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.18:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.19:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.20:C:\Documents and Settings\daguirre\Application Data\Mozilla\Profiles\default\vw6k3ios.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.32:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.33:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.36:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.38:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.40:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.53:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.54:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.55:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.56:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.64:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.65:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.66:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.67:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.68:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.71:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.73:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.99:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.138:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.144:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.145:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.146:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.148:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.149:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.150:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.152:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.153:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.154:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.156:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.157:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.161:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.163:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.173:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.177:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.178:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.179:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.180:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.181:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.182:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.183:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.184:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.185:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.186:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.187:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.190:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.191:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.192:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.193:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.195:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.198:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.199:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.202:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.203:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.204:C:\Documents and Settings\daguirre.TEMEL\Application Data\Mozilla\Profiles\default\3dd9436d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.12:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.15:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.16:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.21:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.27:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.31:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.36:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.59:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.60:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.61:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.62:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.96:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.98:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.99:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.102:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.112:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.114:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.115:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.116:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.117:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.119:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.120:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.121:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.122:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.142:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.144:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.196:C:\Documents and Settings\ddzio\Application Data\Mozilla\Firefox\Profiles\v0rn1s4u.Default User2\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.6:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.25:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.47:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.95:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.96:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.104:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.105:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.106:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.107:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.108:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.149:C:\Documents and Settings\ddzio\Application Data\Mozilla\Profiles\Dan\iswonuqj.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\WINNT\sec.exe -> TrojanDropper.Small.acg : Cleaned with backup
C:\WINNT\system32\drv2cltr.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\WINNT\system32\oleext.dll -> TrojanDownloader.Agent.ns : Cleaned with backup

::Report End

Testing presence of HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD ---------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD

HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGuard

Deleting ShudderLTD ----------

Checking if HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD is still present ------

Deleting leftovers in registry ------

leftovers deleted!

smitRem log file
version 2.3

by noahdfear

The current date is: Mon 08/22/2005
The current time is: 13:36:17.57

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! :)

Pre-run Files Present

~~~ Program Files ~~~

PSGuard

~~~ Shortcuts ~~~

PSGuard spyware remover
PSGuard spyware remover.lnk

~~~ Favorites ~~~

~~~ system32 folder ~~~

oleext.dll
logfiles

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

oleext.dll

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :( Starting replacement procedure.

~~~~ Looking for C:\WINNT\system32\dllcache\wininet.dll ~~~~

~~~~ C:\WINNT\system32\dllcache\wininet.dll Present! ~~~~

~~~~ Checking dllcache\wininet.dll for infection ~~~~

~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~

DESKTOP IS STILL BLINKING! THANKS FOR THE HELP!!!!!!!

sammyfry · 08-23-2005, 09:26 AM

It looks like my desktop is back with the adjustment of some settings.

tetonbob · 08-23-2005, 10:48 AM

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you do not have a firewall, here are 3 free ones available for personal use:

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Please respond to this thread one more time so we can mark this thread as resolved.

sammyfry · 08-23-2005, 02:17 PM

This Site Is The Best!!!!!! Thanks A Million!!!!!!!

Issue Resolved

08-18-2005, 10:02 AM	#1 (permalink)
sammyfry Registered User Join Date: Aug 2005 Posts: 7 OS: win 2000	I need some help please - Log files posted Ad-aware found this: MALWARE.PSGUARD »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[6]=Process : C:\WINNT\system32\intell32.exe obj[7]=Regkey : clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3} obj[8]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "intell32.exe" obj[11]=Regkey : software\shudderltd obj[12]=RegValue : software\microsoft\internet explorer\desktop\general "Wallpaper" obj[13]=RegValue : software\microsoft\internet explorer\main "Display Inline Images" obj[14]=Folder : C:\Program Files\PSGuard obj[15]=Folder : C:\Program Files\psguard\Quarantine obj[16]=File : c:\winnt\system32\intell32.exe obj[17]=File : C:\DOCUME~1\ddzio\LOCALS~1\Temp\PSGuardInstall.exe Some symptoms: I get the flashing grey and white desktop. I get psguard installed eventhough I uninstalled it. ( I think this is red exclamation in my taskbar) Pop-ups Housecall says: No threats detected. HIGHJACK THIS LOG: Logfile of HijackThis v1.99.1 Scan saved at 12:03:14 PM, on 8/18/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe D:\Program Files\Extensis\Suitcase\Suitcase.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\WINNT\system32\intell32.exe C:\WINNT\explorer.exe C:\HJT\HijackThis-1.exe O1 - Hosts: 1159680172 auto.search.msn.com O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe O4 - Global Startup: Suitcase Startup.lnk = D:\Program Files\Extensis\Suitcase\Suitcase.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup156.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = temel.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = temel.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = temel.com O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe ANALYZED LOG: ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 12:03:14 PM, on 8/18/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300) Running processes: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe D:\Program Files\Extensis\Suitcase\Suitcase.exe C:\WINNT\system32\intell32.exe C:\HJT\HijackThis-1.exe O1 - Hosts: 1159680172 auto.search.msn.com O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe O4 - Global Startup: AcroTray.exe O4 - Global Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe O4 - Global Startup: Suitcase Startup.lnk = D:\Program Files\Extensis\Suitcase\Suitcase.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup156.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = temel.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = temel.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = temel.com O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe End of KRC HijackThis Analyzer Log. ====================================================================

08-19-2005, 01:02 AM	#4 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Hi and Welcome to TSF Please do NOT bump your thread unless no one has replyed in 24 hrs. We will overlook it every time! Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware® SE Personal Edition Spybot Search & Destroy CWShredder Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT) Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible. Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point. Download Hoster http://www.greyknight17.com/spy/Hoster.exe Download and install CleanUp! but do not run it yet. NOTE Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. Download smitRem.exe and save the file to your desktop. Double click on the file and it will extract it’s files into it's own folder on the desktop. Place a shortcut to Panda ActiveScan on your desktop. Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/ Please read Ewido Setup Instructions Install it, and update the definitions to the newest files. Do NOT run a scan yet. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup Don't run it yet! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files [X]Scan local drives for temporary files (Please uncheck this option) Cleanup! All Users Click OK Press the CleanUp!* button to start the program. Reboot/logoff when prompted Next, please reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. Now scan with HJT and place a checkmark next to each of the following items: O1 - Hosts: 1159680172 auto.search.msn.com O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe Then click fix. Run the Hoster program and select "Restore Orginal Hosts File" Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply Open Ad-aware and do a full scan. Remove all it finds. Run Ewido: Click [Scanner] Click [Complete System Scan] to begin scanning. Click [OK] when prompted to clean files With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK]. Once finished, click the [Save report] button Save the report to your desktop Close Ewido Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Save the scan log and post it along with a new HijackThis Log the Ewido Log and the smitfiles.txt log. So I Need... Ewido log Panda log Hijackthis log smitfiles.txt log __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

08-23-2005, 10:48 AM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,158 OS: 2000 Pro; XP Pro; XP Home	Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address. Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. If you do not have a firewall, here are 3 free ones available for personal use: Sygate Personal Firewall Kerio Personal Firewall ZoneAlarm In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

08-18-2005, 10:04 AM	#2 (permalink)
sammyfry Registered User Join Date: Aug 2005 Posts: 7 OS: win 2000	Thanks in advance for any help.

08-18-2005, 02:26 PM	#3 (permalink)
sammyfry Registered User Join Date: Aug 2005 Posts: 7 OS: win 2000	just bumping myself so I don't go to the second page. Thanks.

08-22-2005, 08:09 AM	#5 (permalink)
sammyfry Registered User Join Date: Aug 2005 Posts: 7 OS: win 2000	When I run clean-up, do I just back-up important files in my "temp" folder? Is it a good possibility that there are files I may not recognize that I may need? What other folders will it delete items in? Does windows 2000 have a restore setting? Thanks.

08-23-2005, 09:26 AM	#7 (permalink)
sammyfry Registered User Join Date: Aug 2005 Posts: 7 OS: win 2000	It looks like my desktop is back with the adjustment of some settings.

08-23-2005, 02:17 PM	#9 (permalink)
sammyfry Registered User Join Date: Aug 2005 Posts: 7 OS: win 2000	This Site Is The Best!!!!!! Thanks A Million!!!!!!! Issue Resolved