qoologic, cmdservice and other ohhh my

[dabagboy]

Given the problems I've had with running these apps on reboot, I have to say I didn't see any confirmation that KillBox ran? is there a way to confirm? here is the log i found in the !Killbox log directory

Pocket Killbox version 2.0.0.588
Running on Windows XP as dknox(Administrator)
was started @ Tuesday, January 31, 2006, 9:36 AM

Killbox Closed(Exit) @ 9:39:28 AM
__________________________________________________

Pocket Killbox version 2.0.0.588
Running on Windows XP as dknox(Administrator)
was started @ Thursday, February 02, 2006, 9:33 AM

Killbox Closed(Exit) @ 9:37:01 AM
__________________________________________________

Pocket Killbox version 2.0.0.588
Running on Windows XP as dknox(Administrator)
was started @ Thursday, February 02, 2006, 9:37 AM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\myupdates.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\NDNuninstall7_22.exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\0s0s0raw.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\aqiaape.dll


# 5 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\ckjccvf.exe


# 6 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\hpsw.exe


# 7 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\lgkll.dll


# 8 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\paytime.exe


# 9 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\pi1_58.exe


# 10 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\rif_32.dll


# 11 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\rif_32.exe


# 12 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\vqwvv.dat


# 13 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\wgse.exe


# 14 [Delete on Reboot]
Path = C:\WINDOWS\tool2.exe


# 15 [Delete on Reboot]
Path = C:\WINDOWS\toolbar.exe


# 16 [Delete on Reboot]
Path = C:\WINDOWS\TWFzb24gR2lsbA\command.exe


I Rebooted @ 9:40:18 AM
Killbox Closed(Exit) @ 9:40:21 AM
__________________________________________________

 

[LonnyRJones]

Hi
Look2me has been taken out so your programs should be able to run on reboot but first >
Manualy delete this folder
C:\WINDOWS\TWFzb24gR2lsbA

Do run findqoologic and post its report

 

[dabagboy]

Hi
Look2me has been taken out so your programs should be able to run on reboot but first >
Manualy delete this folder
C:\WINDOWS\TWFzb24gR2lsbA

Do run findqoologic and post its report

I couldn't find
C:\WINDOWS\TWFzb24gR2lsbA
Yes I have checked show hidden files and folders under Folder Options

Here is qoologic report....



Find Qoologic last edited 01/08/2006
Running from
C:\Documents and Settings\mgill\Desktop\Malware removal tools\Find-Qoologic\Find-Qoologic
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»» Search by size and name»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

C:\WINDOWS\SYSTEM32\KYPKKA.EXE
C:\WINDOWS\SYSTEM32\VQWVV.DAT
C:\WINDOWS\SYSTEM32\LGKLL.DLL
C:\WINDOWS\SYSTEM32\AQIAAPE.DLL
C:\WINDOWS\SYSTEM32\CKJCCVF.EXE
C:\WINDOWS\SYSTEM32\VQWVV.DAT
C:\WINDOWS\SYSTEM32\KYPKKA.EXE
C:\WINDOWS\PBNPPC.DAT
»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\IPOI.EXE
.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu]
@="{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

--
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\qgmqqyfg]
@="{5a53a267-2214-458d-921c-8097d78027cf}"

[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus]
.....
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winsync"="C:\\WINDOWS\\system32\\kypkka.exe reg_run"
.....
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}]

 

[LonnyRJones]

Hi

Use that same killbox method on this list of files

C:\WINDOWS\SYSTEM32\KYPKKA.EXE
C:\WINDOWS\SYSTEM32\VQWVV.DAT
C:\WINDOWS\SYSTEM32\LGKLL.DLL
C:\WINDOWS\SYSTEM32\AQIAAPE.DLL
C:\WINDOWS\SYSTEM32\CKJCCVF.EXE
C:\WINDOWS\SYSTEM32\VQWVV.DAT
C:\WINDOWS\PBNPPC.DAT
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\IPOI.EXE


After the reboot

go start run and paste in
C:\WINDOWS\TWFzb24gR2lsbA
was it there ?

Run Hijackthis and have it fix this item
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kypkka.exe reg_run

Run SpyBot check for updates then problems and fix anything found Twice, the second time if anything was found post a SpyBot report
To do so rightclick in the results windows and choose save report to clipbourd
Post it please

 

[dabagboy]

Amen, it's looking more and more like sometime this week I will be able to return to my "real" work

Let me know what else I should do today, tomorrow next week....

ps: that directory showed up when I posted to Windows explorer and I was able to delete it....

pss: the Spybot log is too large due to forum limits of 20,000 characters....I've tried to 'attach a file' ...still too large.... here is the first part let me know if you want later sections.....
--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-01-27 Includes\Cookies.sbi (*)
2006-01-27 Includes\Dialer.sbi (*)
2006-01-27 Includes\Hijackers.sbi (*)
2006-01-27 Includes\Keyloggers.sbi (*)
2006-01-27 Includes\Malware.sbi (*)
2006-01-27 Includes\PUPS.sbi (*)
2006-01-27 Includes\Revision.sbi (*)
2006-01-27 Includes\Security.sbi (*)
2006-01-27 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-01-27 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)

 

[LonnyRJones]

Thats enough of the report, thanks

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

REGEDIT4

[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\qgmqqyfg]
[-HKEY_CLASSES_ROOT\CLSID\{5a53a267-2214-458d-921c-8097d78027cf}]

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Run Ewido do a full scan again, have it remove any items found then post its report please.

 

[dabagboy]

got the registry change applied....now a strange EWIDO problem, when I start the program it seems to be open in the windows desktop toolbar, but the window doesn't appear?

I restarted windows and EWIDO just sits in the toolbar? I can close but restarting doesn't show it on the desktop? just the toolbar?

 

[LonnyRJones]

Thats odd
Try this,, rightclick on its windows taskbar icon, select move then use the
arrow keys on your keybourd, press enter when its where you want it.
If that didnt help uninstall it reboot and install once again will.

 

[dabagboy]

RE: hidden EWIDO program .....It was the "move" thing, funny I tried that yesterday but forgot to use the keyboard the mouse failed me.....

anyway here is the log
edited as it was too long to post now in 2 or 3 parts..
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:49:22 AM, 2/3/2006
+ Report-Checksum: 4EEC432C

+ Scan result:

C:\!KillBox\0s0s0raw.dll -> Adware.Sud : Cleaned with backup
C:\!KillBox\aqiaape.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\!KillBox\ckjccvf.exe -> Trojan.Pakes : Cleaned with backup
C:\!KillBox\command.exe -> Adware.CommAd : Cleaned with backup
C:\!KillBox\hpsw.exe -> Adware.Suggestor : Cleaned with backup
C:\!KillBox\ipoi.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\!KillBox\kypkka.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\!KillBox\lgkll.dll -> Downloader.Small : Cleaned with backup
C:\!KillBox\myupdates.exe -> Downloader.Adload.l : Cleaned with backup
C:\!KillBox\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\!KillBox\paytime.exe -> Hijacker.StartPage.adi : Cleaned with backup
C:\!KillBox\pi1_58.exe -> Downloader.Small.bue : Cleaned with backup
C:\!KillBox\rif_32.dll -> Logger.Agent.gk : Cleaned with backup
C:\!KillBox\rif_32.exe -> Logger.Agent.gk : Cleaned with backup
C:\!KillBox\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.az : Cleaned with backup
C:\!KillBox\toolbar.exe -> Downloader.Adload.j : Cleaned with backup
C:\!KillBox\vqwvv.dat -> Downloader.Qoologic.at : Cleaned with backup
C:\!KillBox\wgse.exe -> Trojan.Runner.h : Cleaned with backup
C:\Documents and Settings\mgill\Application Data\Mercora\MercoraClient\Data\MyPictures.dat -> Spyware.Grokster : Cleaned with backup
:mozilla.16:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.57:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.60:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.62:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.63:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.64:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.68:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

 

[dabagboy]

Part II

Part II

:mozilla.71:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.112:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.113:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.114:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.115:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.116:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.117:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.122:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.123:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.124:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.129:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.130:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.131:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.132:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.133:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.134:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.142:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.143:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.144:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.145:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.146:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.147:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.148:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.149:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.157:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.158:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.159:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.160:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.165:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.166:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.167:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.168:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.169:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.199:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.208:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.216:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.217:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.218:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.219:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.220:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.221:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.222:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.235:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.236:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.239:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.240:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.263:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.264:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.265:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.266:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.267:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.268:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.269:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.278:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.279:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.280:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.281:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.282:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.283:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.284:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.285:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.286:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.298:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.316:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.438:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.494:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.495:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup

 

[dabagboy]

Part III

Part III

:mozilla.633:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.634:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.635:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.636:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.637:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.638:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.639:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.648:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.649:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.650:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.651:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.652:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.653:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.654:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.655:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.656:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.657:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.663:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.664:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.665:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.705:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.712:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.713:C:\Documents and Settings\mgill\Application Data\Mozilla\Firefox\Profiles\uxezj0cq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\mgill\Cookies\dknox@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\mgill\Cookies\dknox@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\mgill\Cookies\dknox@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\mgill\Cookies\dknox@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\mgill\Cookies\dknox@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\mgill\Cookies\dknox@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\mgill\Cookies\dknox@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/CBMMDLG.DLL -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/d20mlcd11f0.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/dgprop.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/drvenum.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/enj2l11o1.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/f40oled31h0.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/hr4s05h7e.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/i8loli3318.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/ILSPOLCY.DLL -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/mdftedit.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/n6l8lg3u16.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/p0n8la5u1d.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/rmmps.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/UARV80A.DLL -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\backup.zip/dlls/uilmon.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\CBMMDLG.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\d20mlcd11f0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\dgprop.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\drvenum.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\enj2l11o1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\f40oled31h0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\hr4s05h7e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\i8loli3318.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\ILSPOLCY.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\mdftedit.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\n6l8lg3u16.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\p0n8la5u1d.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\rmmps.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\UARV80A.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Desktop\Malware removal tools\l2mfix\dlls\uilmon.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\mgill\Local Settings\Temp\Cookies\dknox@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\mgill\Local Settings\Temp\Cookies\dknox@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\mgill\Local Settings\Temp\Cookies\dknox@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\mgill\Local Settings\Temp\Cookies\dknox@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\mgill\Local Settings\Temp\Cookies\dknox@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\mgill\Local Settings\Temp\Cookies\dknox@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc101.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc104.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc105.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc113.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc114.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc12.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc15.txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc156.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc16.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc2.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc23.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc24.txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc31.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc34.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc37.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc38.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc4.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc40.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc41.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc42.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc43.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc47.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc50.txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc57.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc68.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc71.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc8.txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc82.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc86.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc89.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-507921405-725345543-500\Dc9.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058742.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058743.dll -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058756.exe -> Dropper.VB.kk : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058761.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058768.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058769.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058770.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058781.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058796.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058797.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058798.exe -> Spyware.Look2Me : Cleaned with backup
C:\System Volume

 

[dabagboy]

Part IV

Part IV

Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058799.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058800.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058801.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058802.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058803.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058804.dll -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058805.cpl -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058808.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058813.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058815.exe -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058816.dll -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058817.exe -> Logger.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058823.exe -> Spyware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058824.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058825.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058826.exe -> Spyware.Zestyfind : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058829.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058834.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058839.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058844.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058849.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058854.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058856.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058859.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058864.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058869.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058874.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058877.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0058899.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059925.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059925.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059928.exe -> Not-A-Virus.Hoax.Win32.Renos.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059929.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059930.exe -> Downloader.Small.cam : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059931.exe -> Downloader.Small.bmx : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059932.EXE -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059935.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059937.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059938.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059944.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059945.exe -> Downloader.Harnig.bb : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0059946.exe -> Dropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059950.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059952.dll -> Spyware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059953.exe -> Logger.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059954.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059962.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059972.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059981.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059982.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059983.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059990.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0059997.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060009.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060016.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060017.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060018.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060028.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060029.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060030.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060031.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060042.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060046.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060051.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060052.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060053.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060054.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060055.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060071.dll -> Spyware.UCmore : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060072.dll -> Spyware.UCmore : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060077.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060078.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060079.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060082.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060083.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060088.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060089.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060090.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060092.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060093.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP845\A0060096.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060102.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060119.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060135.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060141.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060146.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060148.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060149.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060150.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060151.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060169.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060174.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060175.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060176.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060177.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060179.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060180.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060181.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060182.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060183.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060184.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060185.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060186.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060187.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060188.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060189.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060190.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060191.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060192.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060338.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060339.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060341.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060342.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060358.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060359.exe

 

[dabagboy]

Part V

Part V

-> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060361.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060362.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060386.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060394.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060395.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060414.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060415.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060417.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0060418.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060428.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060429.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060431.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060432.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060436.exe -> Downloader.Adload.l : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060437.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060438.dll -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060439.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060440.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060441.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060442.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060443.exe -> Hijacker.StartPage.adi : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060444.exe -> Downloader.Small.bue : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060445.dll -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060446.exe -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060447.exe -> Trojan.Runner.h : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060448.exe -> Not-A-Virus.Hoax.Win32.Renos.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060449.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060450.exe -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060455.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060475.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060476.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060477.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060479.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060480.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060481.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060482.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP847\A0060483.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\Temp\Cookies\dknox@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\dknox@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\dknox@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\WINDOWS\Temp\Cookies\dknox@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup


::Report End

 

[LonnyRJones]

Good

Use a program like system security suite to clear temps about every couple weeks
System Security Suite.
http://www.igorshpak.net/
Extract it from the zip file and run setup.exe
after the install you can delete setup.exe and the downloaded zip file
Start the program Check all the boxes under the 'Items to Clear' (except perhaps cookies) tab and click
'Clear Selected Items'. You will be prompted to reboot, do so.

Prevention:
Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
How did that go ?
Replace it about once monthly to keep it updated

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279


Purge System Restore
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then Reboot. < Dont skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

Let us know if there are any problems

 

[dabagboy]

Does that mean I'm done?

 

[LonnyRJones]

Yes, Good work.

We will leave the thread open for a few days just in case you need to post again.

 

[dabagboy]

Now something has tackled our Windows 2000 server, same domain as client PC last week which is again "infected."

Biggest problem right now is Windows Installer will not run/comlete/start. I just hangs, same in safe mode, cannot be started manually.

What now?

 

[LonnyRJones]

If the same pc is having problems post a fresh hijackthis log, if its another pc start a new topic and mention it is a differant pc please.

 

[tashi]

As the problem appears to be resolved this topic will be archived.
If you need it re-opened please send me a pm and provide a link to the topic.

Glad we could help, thank you Lonny.