HELP! SpywareQuake trojan & H91746

Computing.Net > Forums > Security and Virus > HELP! SpywareQuake trojan & H91746

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

HELP! SpywareQuake trojan & H91746

Name: MattP2006
Date: March 24, 2006 at 17:47:04 Pacific
OS: Windows XP 2002
CPU/Ram: 2.19 GHz, 512 GB
Product: Dell

Comment:

I cannot get this program called Spyware Quake off of my computer. Everytime I uninstall it, it installs itself within minutes. There is a Virus Alert icon that won't come out of the bottom right system tray. The Spyware Quake tells me that I have 14 infected items but that I need to buy the program to fix it, but clearly I don't want to buy it.
A separate but possibly related problem started today. I saw that someone else was having problems with C:\WINDOW\TEMP\h91746.exe, but the instructions in that topic did not get rid of either of these problems.
Can someone please tell me how to get rid of both of these annoying problems? Thanks!

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: March 24, 2006 at 18:54:51 Pacific

Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Response Number 2

Name: MattP2006
Date: March 24, 2006 at 19:02:14 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 10:00:21 PM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
C:\Program Files\Winamp3\winamp3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\1024\ld7AD0.tmp
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-1.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: The Proxomitron.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.info.apple.com/iTunes4/WW/win/019-0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124470816968
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - AppInit_DLLs:
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\PROGRA~1\Kerio\Personal Firewall\persfw.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

Response Number 3

Name: jabuck
Date: March 24, 2006 at 19:54:47 Pacific

Reply:

Please download ATF_Cleaner from this link
http://www.atribune.org/content/view/19/2/ by Atribune.We will run it later in safe mode
Please download smitRem.zip and save it to your desktop from this link http://noahdfear.geekstogo.com/smitRem.exe
Open the file and it will extract itself to a new folder called SmitRem.
Reboot into safe mode by following these directions if you need them How to Boot into Safe Mode
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again, this is normal.
Wait for the tool to complete and Disk Cleanup to finish, this may take a while; please be patient.

Next go to Start > Control Panel > click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
While still in safe mode set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
While still in safe mode run Hijack This again, close all windows and browsers except HT, place a check to the left of the following items and press "fix checked":
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.info.apple.com/iTunes4/WW/win/019-0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124470816968
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - AppInit_DLLs:
Next navigate to and delete these folders if found:
C:\Program Files\SpywareQuake
C:\WINDOWS\system32\1024
.
Now while still in safe mode run ATF-Cleaner.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Run Ewido in safe mode.When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Please reboot into normal mode and post the ewido log and a new HT log.

Response Number 4

Name: MattP2006
Date: March 25, 2006 at 13:45:03 Pacific

Reply:

OK I did all of that and when my computer started, Spyware Quake was gone but now it is back. I don't know if the MS Dos problem still exists, but I still need help. Thanks so much!
An error message came up while I was using Hijack This:
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: )
Error #5 - Invalid procedure call or argument
Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
*******************************************
New HIJACK THIS
Logfile of HijackThis v1.99.1
Scan saved at 4:39:10 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-1.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: The Proxomitron.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\PROGRA~1\Kerio\Personal Firewall\persfw.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
*********************************************
New Ewido
ewido anti-malware - Scan report

+ Created on: 4:34:30 PM, 3/25/2006
+ Report-Checksum: 5516FC8A
+ Scan result:
:mozilla.15:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.32:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.33:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.34:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.35:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.38:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.39:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.46:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.50:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.51:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.52:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.53:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.54:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.86:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.87:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.88:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.93:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.94:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.95:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.111:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.113:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.115:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.116:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.117:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.119:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.188:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.189:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.192:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.193:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.194:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.196:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.197:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.198:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.199:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.200:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.201:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.202:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.203:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.227:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.228:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.229:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.230:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.231:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.232:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.233:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.234:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.237:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.238:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.244:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.245:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.246:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.247:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.257:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.287:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.288:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.296:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.302:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.330:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.331:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.343:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.344:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.345:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.346:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.363:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.371:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.372:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.373:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.374:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.375:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.376:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.377:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.379:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.380:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.381:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.382:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.387:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.389:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.390:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.391:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.392:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.393:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.394:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.403:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.412:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.413:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.414:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.415:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.416:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.417:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.418:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.419:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.448:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.449:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.455:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.456:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.457:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.479:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.482:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.483:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.484:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.485:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.486:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.487:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.488:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.489:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\quarantine\arc[1].zip.Vir/VerifierBug.class -> Not-A-Virus.Exploit.Java.Bytverify : Error during cleaning
C:\quarantine\arc[1].zip.Vir/Counter.class -> Not-A-Virus.Exploit.Java.Bytverify : Error during cleaning
C:\quarantine\arc[1].zip.Vir/Beyond.class -> Trojan.Femad : Error during cleaning
C:\quarantine\arc[1].zip.Vir/Worker.class -> Trojan.Femad : Error during cleaning
C:\quarantine\arc[1].zip.Vir/web.exe -> Trojan.Revop.e : Error during cleaning
C:\quarantine\arc[1].zip.Vir.0/VerifierBug.class -> Not-A-Virus.Exploit.Java.Bytverify : Error during cleaning
C:\quarantine\arc[1].zip.Vir.0/Worker.class -> Trojan.Femad : Error during cleaning
C:\quarantine\arc[1].zip.Vir.0/web.exe -> Proxy.Small.ah : Error during cleaning
C:\quarantine\arc[1].zip.Vir.0/Beyond.class -> Trojan.Femad : Error during cleaning
C:\quarantine\arc[1].zip.Vir.0/Counter.class -> Not-A-Virus.Exploit.Java.Bytverify : Error during cleaning
C:\quarantine\classload[1].jar.Vir/Dummy.class -> Trojan.ClassLoader.Dummy.a : Error during cleaning
C:\quarantine\classload[1].jar.Vir/GetAccess.class -> Trojan.ClassLoader.c : Error during cleaning
C:\quarantine\classload[1].jar.Vir/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Error during cleaning
C:\quarantine\classload[1].jar.Vir/Installer.class -> Downloader.OpenConnection.s : Error during cleaning
C:\quarantine\enter[1].cab.Vir/inst2.dll -> Downloader.WinShow.au : Error during cleaning
C:\quarantine\enter[1].cab.Vir.0/inst2.dll -> Downloader.WinShow.au : Error during cleaning
C:\quarantine\enter[1].cab.Vir.1/inst2.dll -> Downloader.WinShow.au : Error during cleaning
C:\quarantine\enter[1].cab.Vir.10/inst2.dll -> Hijacker.StartPage.vh : Error during cleaning
C:\quarantine\enter[1].cab.Vir.2/inst2.dll -> Downloader.WinShow.au : Error during cleaning
C:\quarantine\enter[1].cab.Vir.3/inst2.dll -> Downloader.WinShow.au : Error during cleaning
C:\quarantine\enter[1].cab.Vir.4/inst2.dll -> Downloader.WinShow.au : Error during cleaning
C:\quarantine\enter[1].cab.Vir.5/inst2.dll -> Hijacker.StartPage.vh : Error during cleaning
C:\quarantine\enter[1].cab.Vir.6/inst2.dll -> Hijacker.StartPage.vh : Error during cleaning
C:\quarantine\enter[1].cab.Vir.7/inst2.dll -> Hijacker.StartPage.vh : Error during cleaning
C:\quarantine\enter[1].cab.Vir.8/inst2.dll -> Hijacker.StartPage.vh : Error during cleaning
C:\quarantine\enter[1].cab.Vir.9/inst2.dll -> Hijacker.StartPage.vh : Error during cleaning
C:\quarantine\loader1[1].jar.Vir/Counter.class -> Trojan.Femad : Error during cleaning
C:\quarantine\loader1[1].jar.Vir/VerifierBug.class -> Trojan.Femad : Error during cleaning
C:\quarantine\loader1[1].jar.Vir/Worker.class -> Trojan.Femad : Error during cleaning
C:\quarantine\loader1[1].jar.Vir/Xeyond.class -> Trojan.Femad : Error during cleaning

::Report End

Response Number 5

Name: savo (by sradevic)
Date: March 25, 2006 at 14:27:56 Pacific

Reply:

Try logging in as administrator in safe mode and use the fix provided from here: http://www.2-spyware.com/remove-spywarequake.html

firefox new tab default page how to fix invalid procedure call or argument window and help and trojan	help with trojan virus 24 hour Microsoft help with Trojan attack help removing trojan downloader
See More

Response Number 6

Name: jabuck
Date: March 25, 2006 at 15:29:58 Pacific

Reply:

Download Killbox from this link Download killbox from this link Killbox We will need it in safe mode later.
Download FixSQ.zip from this link http://castlecops.com/zx/flrman1/FixSQ.zip and save it to your desktop.
Unzip it to extract the FixSF.reg file it contains.
Go to Add/Remove programs and uninstall SpywareQuake if it is there. Do not restart your computer if it asks you to do so.
Doublclick on the FixSQ.reg file to add it to the registry.
Answer yes to confirm the merge.
Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:
C:\WINDOWS\system32\stickrep.dll
C:\Program Files\SpywareQuake

Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confimation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.
Exit the Killbox.
Run SmitRem again
Run Ewido again then post an Ewido and HT log.

Response Number 7

Name: MattP2006
Date: March 25, 2006 at 19:10:26 Pacific

Reply:

OK I think everything looks good right now. Thanks so much, you are awesome. Let me know if it is all cleaned up.

Logfile of HijackThis v1.99.1
Scan saved at 10:07:59 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-1.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: The Proxomitron.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\PROGRA~1\Kerio\Personal Firewall\persfw.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
************************************************

ewido anti-malware - Scan report

+ Created on: 10:07:46 PM, 3/25/2006
+ Report-Checksum: 1D83CB84
+ Scan result:
:mozilla.17:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.20:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\matt pierce\Application Data\Mozilla\Firefox\Profiles\mextpe8f.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup

::Report End

Response Number 8

Name: jabuck
Date: March 25, 2006 at 19:32:08 Pacific

Reply:

Looks good to me, glad we could help.

Response Number 9

Name: savo (by sradevic)
Date: March 26, 2006 at 01:43:44 Pacific

Reply:

http://www.search-1.net/ is legit?

Response Number 10

Name: paul3
Date: March 27, 2006 at 12:01:29 Pacific

Reply:

follow these directions to remove spywarequake

Sponsored Link

Ads by Google

I Ezero-day vulnerability

Help! Spyware Quake Troj...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: HELP! SpywareQuake trojan & H91746

Need help with Trojan/h91746

Summary

www.computing.net/answers/security/need-help-with-trojanh91746/18166.html

Help: Downloader.Trojan/shellscript

Summary

www.computing.net/answers/security/help-downloadertrojanshellscript/12876.html

Help with Trojan!!

Summary

www.computing.net/answers/security/help-with-trojan/12072.html

From the Geek Dictionary
Gibbing - Usually when playing FPS's a player is hit with a rocket or some other expl...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
Conect local user on laptop to domain printer

Video Playing

Paste work-around

CPU Speeds

rolling screen

All Awaiting Reply

Tom's News
New Final Fantasy XIII Trailer is 5 Minutes Long

TV Market to Launch Cross-Platform App Store

Used ATM Machines for Sale on Craigslist

Rival Publishers Collaborate on iTunes-type Store

Guy Quits Job With Error Message

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE