Help! I couldn't even open HJT!!!

[anyabelle]

Update:

I used my sister's windows account and thank goodness the firewall works in there. However, the same systems applications still would automatically close upon opening (regedit, msconfig and task manager).

Since the firewall worked, I screencapped all applications that were running. Blocked those I think were unnecessary. But can you guys please check this:



What should I delete through and through. What are others things to do?

By the way, I still can't install HJT.

Your help will be much greatly appreciated. Thanks

Anyways, my previous message below:

I found a new running executable in my task manager. mswindtc.exe. Worse thing is I have to hold the task manager buttons down (ctrl-alt-del) just to get a glimpse of the executables because it just keeps automatically closing.

Other applications automatically closing upon recent search of worm: command prompt, regedit and msconfig! Can you imagine???

And it even automatically closes down firewalls and wouldn't even let me install hijackthis!!! My god, is this a smart worm???

Ahhh!!! Seriously, I'm dying here. I'm supposed to pass a very important thesis. Please tell me I'm just going out of my mind!!! Wah!

[Acrobaze]

Hi,

Can you boot in safe mode and then run HijackThis ?

[anyabelle]

Finally, I could open up HJT!

Anyways, here goes, log file in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 8:49:27 PM, on 12/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Installers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O1 - Hosts: 205.209.170.120 www.halifax-online.co.uk
O1 - Hosts: 82.146.42.123 ibank.barclays.co.uk
O1 - Hosts: 82.146.42.123 online.lloydstsb.co.uk
O1 - Hosts: 205.209.170.120 online-business.lloydstsb.co.uk
O1 - Hosts: 205.209.170.120 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 82.146.42.123 www.nwolb.com
O1 - Hosts: 205.209.170.120 banesnet.banesto.es
O1 - Hosts: 205.209.170.120 extranet.banesto.es
O1 - Hosts: 205.209.170.120 ebanking.bccbrescia.it
O1 - Hosts: 205.209.170.120 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 205.209.170.120 www.rbsdigital.com
O1 - Hosts: 82.146.42.123 oi.cajamadrid.es
O1 - Hosts: 82.146.42.123 bancae.caixapenedes.com
O1 - Hosts: 205.209.170.120 banking.postbank.de
O1 - Hosts: 205.209.170.120 meine.deutsche-bank.de
O1 - Hosts: 205.209.170.120 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 205.209.170.120 ibank.cahoot.com
O1 - Hosts: 205.209.170.120 webbank.openplan.co.uk
O1 - Hosts: 82.146.42.123 lloydstsb.co.uk
O1 - Hosts: 82.146.42.123 www.lloydstsb.co.uk
O1 - Hosts: 82.146.42.123 www.lloydstsb.com
O1 - Hosts: 82.146.42.123 personal.barclays.co.uk
O1 - Hosts: 82.146.42.123 barclays.co.uk
O1 - Hosts: 82.146.42.123 www.barclays.co.uk
O1 - Hosts: 82.146.42.123 nwolb.com
O1 - Hosts: 82.146.42.123 hsbc.co.uk
O1 - Hosts: 82.146.42.123 www.hsbc.co.uk
O1 - Hosts: 82.146.42.123 abbey.com
O1 - Hosts: 82.146.42.123 www.abbey.com
O1 - Hosts: 82.146.42.123 www.abbey.co.uk
O1 - Hosts: 82.146.42.123 abbey.co.uk
O1 - Hosts: 82.146.42.123 cahoot.com
O1 - Hosts: 82.146.42.123 www.cahoot.com
O1 - Hosts: 82.146.42.123 www.cahoot.co.uk
O1 - Hosts: 82.146.42.123 cahoot.co.uk
O1 - Hosts: 82.146.42.123 www.co-operativebank.co.uk
O1 - Hosts: 82.146.42.123 co-operativebank.co.uk
O1 - Hosts: 82.146.42.123 www.co-operativebank.com
O1 - Hosts: 82.146.42.123 co-operativebank.com
O1 - Hosts: 82.146.42.123 welcome2.co-operativebankonline.co.uk
O1 - Hosts: 82.146.42.123 welcome6.co-operativebankonline.co.uk
O1 - Hosts: 82.146.42.123 welcome8.co-operativebankonline.co.uk
O1 - Hosts: 82.146.42.123 welcome10.co-operativebankonline.co.uk
O1 - Hosts: 82.146.42.123 www.smile.co.uk
O1 - Hosts: 82.146.42.123 smile.co.uk
O1 - Hosts: 82.146.42.123 www.cajamar.es
O1 - Hosts: 82.146.42.123 cajamar.es
O1 - Hosts: 82.146.42.123 www.cajamar.com
O1 - Hosts: 82.146.42.123 www.unicaja.es
O1 - Hosts: 82.146.42.123 unicaja.es
O1 - Hosts: 82.146.42.123 www.unicaja.com
O1 - Hosts: 82.146.42.123 unicaja.com
O1 - Hosts: 82.146.42.123 www.caixagalicia.es
O1 - Hosts: 82.146.42.123 caixagalicia.es
O1 - Hosts: 82.146.42.123 www.caixagalicia.com
O1 - Hosts: 82.146.42.123 caixagalicia.com
O1 - Hosts: 82.146.42.123 activa.caixagalicia.es
O1 - Hosts: 82.146.42.123 www.caixapenedes.es
O1 - Hosts: 82.146.42.123 caixapenedes.es
O1 - Hosts: 82.146.42.123 www.caixapenedes.com
O1 - Hosts: 82.146.42.123 caixapenedes.com
O1 - Hosts: 82.146.42.123 www.caixasabadell.es
O1 - Hosts: 82.146.42.123 caixasabadell.es
O1 - Hosts: 82.146.42.123 www.caixasabadell.net
O1 - Hosts: 82.146.42.123 caixasabadell.net
O1 - Hosts: 82.146.42.123 www.cajamadrid.es
O1 - Hosts: 82.146.42.123 cajamadrid.es
O1 - Hosts: 82.146.42.123 www.cajamadrid.com
O1 - Hosts: 82.146.42.123 cajamadrid.com
O1 - Hosts: 82.146.42.123 www.ccm.es
O1 - Hosts: 82.146.42.123 ccm.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [KYK Control Settings] KYSVCXD.EXE
O4 - HKLM\..\RunServices: [Microsoft Security Controlers] fxsecues.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [winsupdatesysmngr64] winsys64mnger.exe
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: MySQL - Unknown owner - E:\Program.exe (file missing)
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\cfmon.exe (file missing)

[Acrobaze]

Ok. Follow these steps :

1- Download : HOSTER.
Unzip it only.

2- Download the trial version of Ewido Security Suite from HERE.
Install it (When installing, under "Additional Options" uncheck : -Install background guard and -Install scan via context menu), and update the definitions to the newest files. Do NOT run a scan yet.

Reboot your computer in SafeMode .

1- Run HijackThis and tick :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe

O4 - HKLM\..\Run: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [KYK Control Settings] KYSVCXD.EXE
O4 - HKLM\..\RunServices: [Microsoft Security Controlers] fxsecues.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [winsupdatesysmngr64] winsys64mnger.exe
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\cfmon.exe (file missing)

Click "Fix checked".

2- Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop
Close Ewido

3- Run Hoster. Press the Restore Original Hosts button and then press the OK button.

Reboot in normal mode and here:
- Post a new HijackThis log.
- Copy/paste the Ewido report, please.

[anyabelle]

Yes, finally, could open up my system applications! 'Cept for ipconfig though. Hmm... Anyways:

HijackThis Logfile on Normal Mode

Logfile of HijackThis v1.99.1
Scan saved at 5:54:40 PM, on 12/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Installers\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [winsupdatesysmngr64] winsys64mnger.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: MySQL - Unknown owner - E:\Program.exe (file missing)
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\cfmon.exe (file missing)

[anyabelle]

Scan Report 1 from Ewido

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:46:12 PM, 12/24/2005
+ Report-Checksum: FFFF0B66

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0E704BA4-C517-4BE7-A1CD-C3FFDA1E1FFE} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.Con tentMatchTag -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.Con tentMatchTag\CLSID -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.Con tentMatchTag\CurVer -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.Con tentMatchTag.1 -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E9A5B71C-093B-4F34-AF07-34FCA89BA0DF} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Elitum -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Elitum\EliteToolBar -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\.DEFAULT\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\.DEFAULT\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\S-1-5-18\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-18\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\J6FRLAY2\sfbho13[1].dll -> Spyware.SideFind : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\L7R3OYWK\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T3K338YL\cmctl[1].dll -> Spyware.AdMir : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AFHGNVAH\stubinstaller5041[1].ex_ -> Downloader.Small.asf : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AFHGNVAH\sidefind13[1].dll -> Spyware.SideFind : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\s ystem@xxxtoolbar[2].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\WINDOWS\system32\TFTP4596 -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\TFTP3256 -> Backdoor.Codbot.z : Cleaned with backup
C:\WINDOWS\system32\sp.exe/kansy.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\WINDOWS\system32\sp.exe/kany.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\WINDOWS\system32\sp.exe/update-sp2.html -> Trojan.Lowzone.AL : Cleaned with backup
C:\WINDOWS\system32\4.html -> Spyware.Linker : Cleaned with backup
C:\WINDOWS\system32\TFTP372 -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\%SYSROOT%\kansy.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\WINDOWS\system32\%SYSROOT%\update-sp2.html -> Trojan.Lowzone.AL : Cleaned with backup
C:\WINDOWS\system32\TFTP1776 -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\eraseme_85436.exe -> Backdoor.SdBot.aik : Cleaned with backup
C:\WINDOWS\system32\eraseme_37412.exe -> Backdoor.SdBot.aiv : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9ZQX8BF7\3e8ad79a0434[1].jpg/kansy.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9ZQX8BF7\3e8ad79a0434[1].jpg/kany.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9ZQX8BF7\3e8ad79a0434[1].jpg/update-sp2.html -> Trojan.Lowzone.AL : Cleaned with backup
C:\Documents and Settings\Angel\Local Settings\Temporary Internet Files\Content.IE5\J6FRLAY2\exe1[1].exe -> Proxy.Agent.ih : Cleaned with backup
C:\Documents and Settings\Angel\Cookies\angel@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Angel\Cookies\angel@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Angel\Cookies\angel@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Angel\Cookies\angel@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Angel\Cookies\angel@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup

[anyabelle]

Scan Report 2 from Ewido

:mozilla.34:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup

[anyabelle]

Scan Report 3 from Ewido

:mozilla.211:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

[anyabelle]

Scan Report 4 from Ewido

:mozilla.502:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.514:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.515:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.517:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.567:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.610:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.613:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.626:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.632:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.671:C:\Documents and Settings\Angel\Application Data\Mozilla\Firefox\Profiles\rv5shnhp.default\coo kies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.21:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.22:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.23:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.24:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.25:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.26:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.27:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.30:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.31:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.32:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.33:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.37:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.64:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.72:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.79:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.80:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.81:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.82:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.83:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.88:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.94:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.95:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.99:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup

[anyabelle]

Scan Report 5 from Ewido

:mozilla.100:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.110:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.126:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.130:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.136:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.138:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.139:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.140:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.149:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.153:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.154:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.155:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.162:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.166:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.167:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.168:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.169:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.171:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.172:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.180:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.186:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.194:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.195:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.196:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.198:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.199:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.200:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.201:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.202:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.203:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.204:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.213:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.215:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.217:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.218:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.220:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.221:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.222:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.241:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.269:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.273:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
:mozilla.279:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.280:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.293:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.294:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.320:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.321:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.323:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.354:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.355:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.384:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.429:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.457:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.461:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
:mozilla.467:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.468:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.481:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.482:C:\Documents and Settings\MAAbella\Application Data\Mozilla\Firefox\Profiles\tp7dktkd.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\System Volume Information\_restore{549F9776-F02A-448C-837F-66634C952C15}\RP202\A0135564.exe -> Proxy.Agent.ih : Cleaned with backup
C:\System Volume Information\_restore{549F9776-F02A-448C-837F-66634C952C15}\RP207\A0138189.exe -> Trojan.Crypt.d : Cleaned with backup
C:\apace.exe -> Proxy.Agent.ih : Cleaned with backup
F:\Angel\Acad Related\Parallel Port in C\parallelport1.htm -> Spyware.BookedSpace : Cleaned with backup


::Report End

[anyabelle]

Wow, hope I copied it all.

Thanks for analyzing all of this!

[Acrobaze]

Ok. Good cleaning !

Run HijackThis and tick :

O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [winsupdatesysmngr64] winsys64mnger.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe

O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\cfmon.exe (file missing)

Click 'Fix checked".

Search these files : mswindtc.exe , winsys64mnger.exe , mswindtc.exe.
Delete them if found (in safe mode if needed).

After a reboot, post a new HijackThis log and let me know how the computer is running.

[anyabelle]

cfmon.exe couldn't be ridded off. i wonder why's that.

everything seems pretty back to normal. but with the 318 malicious files found, i'm now so afraid of even logging in into the net. the only sites i visited these past few hours are these and my yahoo mail, hehe.

oh yah, i still couldn't get in ipconfig. everything else seems to be okay though.

anyways:

Logfile of HijackThis v1.99.1
Scan saved at 10:25:28 PM, on 12/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Installers\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: MySQL - Unknown owner - E:\Program.exe (file missing)
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\cfmon.exe (file missing)

[anyabelle]

So is this okay? Cuz if it is, I'm already itching to say thank you so much. If not yet, well thank you in advance

[Acrobaze]

Hi,

Only one value to clean :
O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\cfmon.exe (file missing)
It's a trace of a trojan.

Start->run->type: services.msc
Double click : Sound Sservice Driver
Stop and disable it.

Now, run HijackThis->config->misc tools->delete an NT service
In the box, type : Sound Service
->ok and follow the prompts.

After a reboot, verify that this value is not present anymore.

Happy surfing, anyabelle !