Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please! I Can't Get Rid Of Freeprod!


  • This topic is locked This topic is locked
7 replies to this topic

#1 paintpastel

paintpastel

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 06 December 2005 - 01:25 PM

I have no idea where freeprod came from, but for a while I could not get the task manager to show up. Two days ago freeprod installed itself, now I get popups and the computer freezes/restarts.



Logfile of HijackThis v1.99.1
Scan saved at 1:16:09 PM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\MsUpdate\MsUpdate.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Opera850\Opera.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [1X0Mf] C:\WINDOWS\lupox.exe
O4 - HKLM\..\Run: [Onuszan] C:\Program Files\Qnssluh\Bfmhm.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yriyoa.exe reg_run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [MsUpdate] C:\Program Files\MsUpdate\MsUpdate.exe /auto
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [8KOAraA] C:\WINDOWS\nevctnm.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXNobGV5IFBhbG1lcg\command.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

BC AdBot (Login to Remove)

 


#2 paintpastel

paintpastel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 06 December 2005 - 04:38 PM

please?

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:09 PM

Posted 07 December 2005 - 07:06 AM

Hello,

First of all, you didn't extract hijackthis.. you are still running it from it's rar. So please extract hijackthis and move it to a permanent folder, for example C:\Hijackthis
This is really important!

Download Brute Force Uninstaller.
Unzip it to a folder of itís own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/p2pnetwork.bfu

Click Ok
Then click execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.

Then again, next to the 'scriptfile to execute'-field, click the Posted Image-icon again and in the new window, copy and paste next url:

http://downloads.subratam.org/BFUscripts/igetnetfreepod.BFU

Click Ok
Then click execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

REBOOT your computer and post a new hijackthislog. We'll work further from there then.

Edited by miekiemoes, 07 December 2005 - 07:09 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 paintpastel

paintpastel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 08 December 2005 - 10:09 AM

Thanks so much for the help, as you can see, i didn't know what i was doing :thumbsup:
Thanks, I did everything you said, and here is the new logfile.


Logfile of HijackThis v1.99.1
Scan saved at 10:05:38 AM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [1X0Mf] C:\WINDOWS\lupox.exe
O4 - HKLM\..\Run: [Onuszan] C:\Program Files\Qnssluh\Bfmhm.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yriyoa.exe reg_run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [8KOAraA] C:\WINDOWS\nevctnm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:09 PM

Posted 08 December 2005 - 10:51 AM

Hello,

This is already looking a lot better, but we are not finished yet, because I can see in your log you were dealing (and maybe still are dealing) with other infections as well, so we need to get rid of them also

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Please set your system to show all files; please see here if you're unsure how to do this.

* Download and install CCleaner
Do not use it yet.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Reboot into Safe Mode`: ( without networking support !)
įTo get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [1X0Mf] C:\WINDOWS\lupox.exe
O4 - HKLM\..\Run: [Onuszan] C:\Program Files\Qnssluh\Bfmhm.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yriyoa.exe reg_run
O4 - HKLM\..\Run: [8KOAraA] C:\WINDOWS\nevctnm.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\lupox.exe
C:\Program Files\Qnssluh <== folder
C:\WINDOWS\nevctnm.exe

* Still in safe mode Start Ccleaner
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

* Open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

* Perform an onlinescan with panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together a fresh HijackThis log and the ewido-log so I can take another look.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 paintpastel

paintpastel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 08 December 2005 - 09:24 PM

Ok, wow, just got finished with all that. here are the things you requested...

again, thank you so much!

Panda scan report


Incident Status Location

Virus:W32/Bagle.DX.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\61hfquf3.slt\Mail\mail.adelphia.net\Inbox[Taxes.exe]
Virus:W32/Mytob.FB.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[email-details.txt .exe]
Virus:W32/Mytob.FB.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[account-password.htm .exe]
Virus:W32/Mytob.FR.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[mockos.txt .pif]
Virus:W32/Mytob.FB.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[email-password.htm .scr]
Virus:W32/Mytob.FR.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[important-details.htm .scr]
Virus:W32/Mytob.FB.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[ewdkv.doc .exe]
Virus:W32/Mytob.FB.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[email-details.doc .pif]
Virus:W32/Mytob.FB.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[hlczcy.txt .scr]
Virus:W32/Mytob.FB.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[updated-password.txt .scr]
Virus:W32/Mytob.FB.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[email-details.htm .pif]
Virus:W32/Mytob.FB.worm Not disinfected C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\5kwof728.default\Mail\mail.adelphia.net\Inbox[readme.htm .exe]
Adware:adware/dyfuca Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\cfout.txt
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\iinstall50217.exe
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\shortcuts.txt
Adware:adware/superspider Not disinfected C:\WINDOWS\system32\a.exe

hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 9:08:41 PM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Opera850\Opera.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Trillian\trillian.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:54:35 PM, 12/8/2005
+ Report-Checksum: 29C4913C

+ Scan result:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pghp.exe -> Downloader.Qoologic.ai : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.502:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.503:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.504:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.506:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.507:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.509:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.510:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.512:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.513:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.514:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.515:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.516:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.517:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.518:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsgygzw.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefo

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:09 PM

Posted 09 December 2005 - 04:53 AM

Hello,

Your hijackthislog looks clean. :thumbsup:

Open your thunderbird, under mail.adelphia.net, select inbox and delete every mail present in there you don't know!!! Because some are infected.

Also delete next file:

C:\WINDOWS\system32\a.exe

Open Ccleaner again and Click: Run Cleaner.

Let me know in your next reply how things are running.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:09 PM

Posted 18 December 2005 - 06:02 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users