Solved: Smitfraud for Christmas

Avalon Polo

Thread Starter
Joined
Dec 24, 2005
Messages
11
I came home today to find a "spyware infection" desktop and several things in the vein of SpySheriff. I always thought that these sorts of things do not infect fully-updated Windows versions, so this is strange. I also have Windows Anti-Spyware, which detected the spyware immediately and ran a scan. It found two dozen things, which I told it to delete. It seemed to get rid of the worst offenders - SpySheriff is gone, there are no intrusive popups and noahdfear is no longer blocked. The problem is that the annoying Smitfraud desktop is still in place. I'd like to get rid of it as well as anything else that Windows Anti-Spyware hadn't noticed. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:33:25 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Igor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135479905953
O17 - HKLM\System\CCS\Services\Tcpip\..\{2626302C-A46E-4F53-8020-0FC87F6618CD}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{346C5557-2730-45C5-BD1E-B4E3A0A416B9}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{547EA0B5-B4AE-4C3A-8128-57AFAEF1ED34}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CS1\Services\Tcpip\..\{2626302C-A46E-4F53-8020-0FC87F6618CD}: NameServer = 85.255.116.136,85.255.112.184
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SWdvcg\command.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
You have no anti-virus protection.
Get AVG (it's free): http://free.grisoft.com/doc/1
Install it and run a scan.

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

Avalon Polo

Thread Starter
Joined
Dec 24, 2005
Messages
11
I downloaded both the virus scan you recommended and ewido. Both returned infected files. I also did something I'm not sure I should have - I went in and deleted the files in quarantine, using Delete in AVG and Remove Finally in ewido. Should I not do that or does it not really matter?

Anyhow, here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:53:26 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Igor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135479905953
O17 - HKLM\System\CCS\Services\Tcpip\..\{2626302C-A46E-4F53-8020-0FC87F6618CD}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{346C5557-2730-45C5-BD1E-B4E3A0A416B9}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{547EA0B5-B4AE-4C3A-8128-57AFAEF1ED34}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CS1\Services\Tcpip\..\{2626302C-A46E-4F53-8020-0FC87F6618CD}: NameServer = 85.255.116.136,85.255.112.184
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SWdvcg\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
 

Avalon Polo

Thread Starter
Joined
Dec 24, 2005
Messages
11
The ewido scan is too long to post in one. I'll do a two-part post.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:47:51 PM, 1/1/2006
+ Report-Checksum: 770DA0B9

+ Scan result:

HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\1\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\10 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\10\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\10\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\10\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\3 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\3\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\3\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\3\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\4 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\4\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\4\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\4\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\5 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\5\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\5\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\5\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\6 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\6\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\6\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\6\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\8 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\8\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\8\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\8\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\9 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\9\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\9\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\9\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\A -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\A\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\B -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\B\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\B\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\B\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\C -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\C\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\C\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\D -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\D\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\D\Controls\0 -> Spyware.MidAddle : Cleaned with backup
C:\Documents and Settings\Igor\2.dat -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
 

Avalon Polo

Thread Starter
Joined
Dec 24, 2005
Messages
11
Here's part 2 of the ewido scan.

C:\Documents and Settings\Igor\Local Settings\Temp\dk.dial -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Igor\Local Settings\Temporary Internet Files\Content.IE5\V6G7NP4L\1002[1].exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\Documents and Settings\Igor\Local Settings\Temporary Internet Files\Content.IE5\V6G7NP4L\xpl[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\60C29B9D-C736-4463-ADB6-1B1F48\6AFB9F3B-92A9-43B2-9BD9-569818 -> Spyware.CommAd : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\60C29B9D-C736-4463-ADB6-1B1F48\FA7D7445-9FA9-45D0-B648-570BA4 -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\system32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\howiper.exe -> Trojan.Qhost.df : Cleaned with backup
C:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : Cleaned with backup
C:\WINDOWS\system32\winctrl32.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup


::Report End
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Click Start – Run - and type in:

services.msc

Click OK.

In the services window find: Command Service

Right click and choose Properties. On the General tab under Service Status click the Stop button to stop the service. Beside Startup Type in the dropdown menu select Disabled. Click Apply then OK. Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O17 - HKLM\System\CCS\Services\Tcpip\..\{2626302C-A46E-4F53-8020-0FC87F6618CD}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{346C5557-2730-45C5-BD1E-B4E3A0A416B9}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{547EA0B5-B4AE-4C3A-8128-57AFAEF1ED34}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CS1\Services\Tcpip\..\{2626302C-A46E-4F53-8020-0FC87F6618CD}: NameServer = 85.255.116.136,85.255.112.184
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SWdvcg\command.exe (file missing)


Boot into Safe Mode.

Find and delete this folder: C:\WINDOWS\SWdvcg

Also in Safe Mode navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

It's normal if some files don't delete!

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
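
An added example, not part of the original post and not HijackThis's own code: a triage pass over HijackThis lines like the O17 and O23 entries listed above, flagging `NameServer` values outside an expected set and services whose binary is missing or sits outside the usual directories. The expected-resolver set, the standard-directory list and the all-zero-GUID line are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# Entries quoted in this thread.
THREAD_LINES = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2626302C-A46E-4F53-8020-0FC87F6618CD}: NameServer = 85.255.116.136,85.255.112.184
O17 - HKLM\System\CS1\Services\Tcpip\..\{2626302C-A46E-4F53-8020-0FC87F6618CD}: NameServer = 85.255.116.136,85.255.112.184
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SWdvcg\command.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""
# Constructed line (not from the thread): an interface using the expected resolver.
CONSTRUCTED_LINE = r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1"
SAMPLE_LOG = THREAD_LINES + CONSTRUCTED_LINE + "\n"

# Assumption: resolvers this host is supposed to use (constructed value).
EXPECTED_RESOLVERS = {"192.168.1.1"}
# Assumption: directories where service binaries normally live on this system.
STANDARD_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# CCS / CS1 are the control-set abbreviations as they appear in the log lines.
O17_RE = re.compile(
    r"^HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<iface>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$"
)
O23_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)


def check_o17(body, expected):
    """Return a finding if any listed resolver is outside the expected set."""
    m = O17_RE.match(body)
    if not m:
        return None
    unexpected = []
    for raw in re.split(r"[,\s]+", m["servers"].strip()):
        try:
            addr = str(ip_address(raw))
        except ValueError:
            unexpected.append(raw)  # not an IP address at all: still worth a look
            continue
        if addr not in expected:
            unexpected.append(addr)
    if not unexpected:
        return None
    return {"code": "O17", "control_set": m["cset"],
            "interface": m["iface"], "detail": unexpected}


def check_o23(body):
    """Return a finding for a service with a missing or oddly placed binary."""
    m = O23_RE.match(body)
    if not m:
        return None
    reasons = []
    if m["missing"]:
        reasons.append("registered binary is missing")
    # "Unknown owner" alone is not enough: the Ati service in this thread has it
    # too, so it only counts together with a path outside the standard directories.
    if m["owner"] == "Unknown owner" and not m["path"].lower().startswith(STANDARD_DIRS):
        reasons.append("owner unknown and path outside standard directories")
    if not reasons:
        return None
    return {"code": "O23", "name": m["name"], "path": m["path"], "reasons": reasons}


def triage(log_text, expected=None):
    """Scan HijackThis lines and return the O17 / O23 entries worth reviewing."""
    expected = EXPECTED_RESOLVERS if expected is None else expected
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        if m["code"] == "O17":
            hit = check_o17(m["body"], expected)
        elif m["code"] == "O23":
            hit = check_o23(m["body"])
        else:
            hit = None
        if hit:
            findings.append(hit)
    return findings


def control_sets(findings):
    """Map each control set to the interfaces whose resolver was flagged."""
    grouped = {}
    for f in findings:
        if f["code"] == "O17":
            grouped.setdefault(f["control_set"], []).append(f["interface"])
    return grouped


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print(control_sets(triage(SAMPLE_LOG)))
```

The same interface GUID showing up under more than one control set means the resolver change has to be fixed in each of them, which is why the list above carries both a CCS and a CS1 line.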
 

Avalon Polo

Thread Starter
Joined
Dec 24, 2005
Messages
11
Thanks for your help. I completed all the steps, but couldn't find "O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SWdvcg\command.exe (file missing)" in HijackThis.

The computer seems to be running alright, but the intrusive desktop is still in place, although I can now right-click it to bring up the properties, which I couldn't do before.

Anyway, here's the new log:


Logfile of HijackThis v1.99.1
Scan saved at 2:47:24 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Igor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135479905953
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
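As an added example (not part of the original thread and not HijackThis's own code), this Python sketch parses `O<n>` lines like those in the log above and lists two kinds of entry a reviewer would normally verify by hand: Run-key commands given as a bare filename, and services reported with `Unknown owner`. The flag rules and function names are assumptions made for illustration; a flag means "check which file this is", not "malicious".

```python
import re
from collections import defaultdict

# A subset of lines copied from the log above, enough to exercise each rule.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")          # section, kind, detail
RUN = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")  # [value name] command

def parse(log):
    """Return {section: [(kind, detail), ...]} for each 'O<n> - kind: detail' line."""
    out = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out[m.group(1)].append((m.group(2), m.group(3)))
    return out

def executable(cmd):
    """Program part of a Run command: a quoted path, or text up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def triage(log):
    """Return [(section, item, reason)] for entries worth a manual look."""
    hits, entries = [], parse(log)
    for _kind, detail in entries["O4"]:
        m = RUN.match(detail)
        if m and "\\" not in executable(m["cmd"]):
            hits.append(("O4", m["name"], "bare filename, resolved via the search path"))
    for _kind, detail in entries["O23"]:
        parts = detail.rsplit(" - ", 2)  # name - owner - path
        if len(parts) == 3 and parts[1] == "Unknown owner":
            hits.append(("O23", parts[0], "no vendor name reported"))
    return hits

if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {item:20} {reason}")
```
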
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download and save Cleandesktop to your computer from this link: http://www.thespykiller.co.uk/files/cleandesktop.exe and double click on the cleandesktop.exe

It will automatically extract to c:\desktopclean where it needs to be to run and will automatically run the cleandesktop.vbs script

If it doesn't open then go to c:\desktopclean and double click on the cleandesktop.vbs. Do not run any other file from there please unless asked to.

If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.

If you get a message when you first run it, "Can not find script file 'blah blah blah'", then don't worry, just double-click the cleandesktop.vbs script again. You sometimes get that message when a script blocker blocks the script.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.

Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

I have included another vbs to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs
Open C:\ (Go to Start>Run and type C: Press enter) and Open the c:\desktopclean folder. Double click on Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

To restore the desktop to whatever picture you normally have, right click on a blank part of the desktop & select properties/desktop & select your preferred picture, press apply & then ok to exit and then press F5.

You will need to do this step for every user account.
 

Avalon Polo

Thread Starter
Joined
Dec 24, 2005
Messages
11
I ran the executable you sent and the Desktop is now clean. It looks fine. However, I may have stupidly run into another problem. After I turned on "show hidden files", I noticed an ini file on the Desktop that contained the following two lines:

[LocalizedFileNames]
Windows Media [email protected]:\WINDOWS\inf\unregmp2.exe,-4
I decided to see the location of this file, but I accidentally copied the entire location into the address bar and the executable ran. A search for unregmp2.exe on Google told me that it was dangerous. Have I re-infected myself? What should I do with the desktop.ini file?
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
I actually think it's OK. I have the same file on my system.
If you do a search for unregmp2.exe, right click on the file and choose Properties.
Go to the tab that says Version.
Under Description, it should be labeled as a Microsoft file.
It should say Microsoft Windows Media Player Setup Utility.
 

Avalon Polo

Thread Starter
Joined
Dec 24, 2005
Messages
11
Looks like you're right. Thanks for helping. This laptop feels like it's healthy again.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
You're welcome :)

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

You can mark your thread "Solved" from the Thread Tools drop down menu.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Since this problem has been solved, I'm closing this thread. If you need it re-opened please PM me or one of the other Mods.

Anyone else with a similar problem please start a "New Thread".
 