Spyware and other crap

Discussion in 'Windows - Virus and spyware problems' started by steinbeck, Jul 1, 2006.

  1. steinbeck

    steinbeck Member

    Joined:
    Jul 1, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    11
    My computer has been overrun with spyware and crap, and I tried running hijackthis! but whenever I tried saving the log it would crash. So here are the jpegs of the log:

    [​IMG]

    [​IMG]

    [​IMG]

    [​IMG]

    [​IMG]

    Please help, spyware is so annoying.
     
    Last edited: Jul 1, 2006
  2. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi steinbeck, please try to rename HijackThis.exe to Cleaner.exe. Then run a scan with Cleaner.exe and save the log and post it to here.

    This is just because it is too difficult to instruct you from a picture.
     
    Last edited: Jul 1, 2006
  3. Dunker

    Dunker Regular member

    Joined:
    May 8, 2006
    Messages:
    1,290
    Likes Received:
    0
    Trophy Points:
    46
    One spyware that jumps out at me is that you have C2 Media a.k.a. Lop.com. That's what those prosearching.com entries are for. The genuine SpyBot (www.safer-networking.net) and Ad-Aware (www.lavasoft.de) will handle that. Just make sure to look in your DNS settings to be sure that Lop hasn't hijacked them. Go to Start->Control Panel->Network and Internet Connections->Network Connections->Local Area Connection (assuming you have broadband). Right-click Local Area Connection and select Properties, then click to highlight TCP/IP in the list and click the Properties button. Click the Advanced button under DNS, then click the DNS tab of the menu that comes up. You should NOT have any DNS server addresses or DNS suffixes entered. The radio button, "Append Primary and Connection Specific DNS Suffixes" should be selected, and probably the check box below it. There should NEVER be anything in the "Append these suffixes" area.

    Not sure what 9449ddd2.exe is. Looks like it's the Smitfraud (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) trojan that's so popular now. I think there's an app called Smitfraudfix to handle that.

    The item c:\windows\T?sks\l?ass.exe (under O4) should be removed as well.

    IdriverT is a possible rootkit that is part of a DRM scheme. Disable using the Start->Control Panel->Performance and Maintenance->Services function.

    BTW, do yourself a huge favor: 1.) if you use Internet Explorer, discontinue using it, at least on the internet. 2.) remove RealOne (or whatever Real product you have installed) and use RealAlternative instead, unless you subscribe to Rhapsody (and even then, consider using another service.) 3.) Remove X10nets.exe unless you know for sure you need this. 4.) Get rid of Norton!

    Good luck and post here or PM if you need more help.
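
An added example, not part of Dunker's post: the DNS check described above, done against the registry instead of the dialog boxes. It parses the text output of `reg query` for the Tcpip\Parameters key and reports manually entered DNS servers, connection suffixes and the "Append these suffixes" list; the sample export, addresses and interface GUIDs are constructed, and it assumes a home connection that gets its DNS settings from DHCP.

```python
import re

# Constructed sample (not from the thread) of the output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /s
# The first interface carries hand-entered DNS servers and the global key
# carries a suffix search list; the second interface is plain DHCP.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Hostname    REG_SZ    OWNER-PC
    SearchList    REG_SZ    example-ads.invalid

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ    203.0.113.53,203.0.113.54
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    192.168.1.1
"""

# "    <name>    REG_<type>    <data>"; the data part may be empty.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s*(.*)$")
TCPIP = r"\services\tcpip\parameters"


def parse_reg_query(text):
    """Turn `reg query` text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = m.group(3).strip()
    return keys


def audit_dns(text):
    """Return (scope, value_name, entries) for every manual DNS setting.

    Per-interface NameServer = DNS servers typed into the TCP/IP dialog,
    per-interface Domain     = "DNS suffix for this connection",
    global SearchList        = the "Append these DNS suffixes" list.
    DHCP-assigned values (DhcpNameServer, DhcpDomain) are ignored.
    """
    findings = []
    for key, values in parse_reg_query(text).items():
        lowered = key.lower()
        if TCPIP not in lowered:
            continue
        scope = key.rsplit("\\", 1)[-1]
        if "\\interfaces\\" in lowered:
            watched = ("NameServer", "Domain")
        else:
            watched = ("SearchList",)
        for name in watched:
            # Entries are separated by commas or spaces.
            entries = [e for e in re.split(r"[,\s]+", values.get(name, "")) if e]
            if entries:
                findings.append((scope, name, entries))
    return findings


if __name__ == "__main__":
    for scope, name, entries in audit_dns(SAMPLE):
        print(f"{scope}: {name} is set manually -> {', '.join(entries)}")
```

An empty result matches the state the post says the DNS tab should be in; any finding is a setting to compare against what the ISP or router actually hands out.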
     
  4. steinbeck

    steinbeck Member

    I renamed hijackthis!, but it still wouldn't work. I did everything else here except I didn't remove Norton. Am I supposed to remove it before or after I get rid of the spyware? Because I'm pretty sure I still have some on my computer.
     
  5. JaPK

    JaPK Regular member

    Hi again, don't remove your Norton.

    So when you press the "Do a system scan and save a logfile" button, what happens? Are you getting an error message? Does the Notepad open? Does it just freeze? Are you sure that you have waited for the scanning to end?
     
  6. steinbeck

    steinbeck Member

    When I run hijackthis, I first get the following message, even though I have it located on my desktop. I've also put a hijackthis.exe file on my C drive and it still gets the same message:

    [​IMG]

    then I click scan now and save log and it begins to scan and then I get this message:

    [​IMG]

    I click ok and then it keeps scanning until it looks like it's almost finished, then it freezes and after a minute I get a typical "windows has encountered an error and must close this application blah blah" window and then hijackthis is closed.

    If I just run a scan, without saving the log, it scans to completion, but when I try to save the log it freezes. A hijackthis text file does appear sometimes when I try to have a log (I forget using which method though) but the file is blank and contains no text.
     
  7. JaPK

    JaPK Regular member

    Ok, at first, move HijackThis.exe into its own folder, eg C:\HJT

    Then, download Hoster from here -> http://www.funkytoad.com/download/hoster.zip
    -> Unzip it to your desktop
    -> Open Hoster
    -> Click "Make Hosts Writable?" on upper right corner (if available)
    -> Click "Restore Microsoft's Original Hosts File" and then click OK
    -> Close Hoster

    Then try to run HijackThis from its own folder and save the logfile again.
     
    Last edited: Jul 3, 2006
  8. steinbeck

    steinbeck Member

    I tried everything you said, still the same exact thing happens. When I ran Hoster, the upper right corner said "make hosts read-only" so I didn't do anything, but I did restore them like JaPK said.
     
  9. JaPK

    JaPK Regular member

    Ok, I guess we have to do this the hard way.

    Please post the pictures from the whole log to here, starting from "Logfile of HijackTh...."

    Then we'll start the cleaning process.
     
  10. steinbeck

    steinbeck Member

    ok here's the log:

    [​IMG]

    [​IMG]

    [​IMG]
     
  11. JaPK

    JaPK Regular member

    Ok, we'll start with this...

    Download win32delfkil -> http://users.telenet.be/marcvn/tools/win32delfkil.exe
    Save it to your desktop.

    Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/

    -> Open Ewido Anti-Spyware
    -> Click the Update icon at the top of the window
    -> Click the Start update button
    -> Wait for the update to download and install
    -> Quit the program, we'll use this later.

    Go to Control Panel -> Add/Remove programs -> Remove PuritySCAN By OIN, OuterInfo, OIN if found

    If PuritySCAN By OIN, OuterInfo, OIN were not listed, download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe
    Tutorial for the uninstaller if needed -> http://www.outerinfo.com/howto.html

    Doubleclick win32delfkil.exe and it extracts itself to win32delfkil-directory.
    Close all other windows and open the win32delfkil-directory. Doubleclick fix.bat. If the computer doesn't restart after the fix, restart it by yourself.

    Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

    -> Open Ewido Anti-Spyware
    -> Click the Scanner icon at the top of the window
    -> Click the Settings tab then select Recommended Options and choose Quarantine
    -> Click the Scan tab
    -> Select Complete System Scan. The scanning begins.

    -> When the scan has completed:
    -> If infections were found you'll be prompted about what to do. Please make sure that the Set all elements to is set to Quarantine (in downleft corner of the window)
    -> Then press Apply all actions and answer yes to all if it asks about something
    -> Click on the Save Scan Report button and save the scan to your Desktop.
    -> Copy and paste the scan results into your next post

    Restart your computer normally.

    Post the following logs to here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> contents of C:\win32delfkill.txt

    Note! You're not clean yet.
     
    Last edited: Jul 4, 2006
  12. steinbeck

    steinbeck Member

    thanks for all the help!
    here's the hijackthis log:
    [​IMG]
    [​IMG]
    [​IMG]

    this is from the Ewido log:
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:10:04 AM 7/5/2006

    + Scan result:



    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Application Data\аssembly\netdde.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\logonui.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\Μicrosoft\mѕdtc.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
    [1160] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
    [1328] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
    [212] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
    [264] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
    [276] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
    [464] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
    [536] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
    [596] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
    C:\WINDOWS\system32\fccyvtr.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\msCMTsrvc.exe -> Downloader.Presario : Cleaned with backup (quarantined).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JHG70DPF\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I83ZQT5D\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\Program Files\sуstem\wuauboot.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7VE2ZLSX\!update-3895[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7VE2ZLSX\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YC059TEA\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0BL0LBZ4\!update-4005[1].0000 -> Downloader.PurityScan.cs : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Application Data\аssembly\SSEMBL~1\!update-4005.0000 -> Downloader.PurityScan.cs : Cleaned with backup (quarantined).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XUFR2UUM\!update-4045[1].0000 -> Downloader.PurityScan.ct : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Application Data\аssembly\SSEMBL~1\!update-4045.0000 -> Downloader.PurityScan.ct : Cleaned with backup (quarantined).
    C:\hp\region\EN_US-ie.reg -> Hijacker.StartPage : Cleaned with backup (quarantined).
    :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ybkw28s2.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    :mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ybkw28s2.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    :mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.25:C:\Documents and Settings\Owner\Application Data\Greyfirst\Celtx\Profiles\qwp5s7vh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.536:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.537:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.538:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.539:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.540:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ybkw28s2.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.552:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.553:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.554:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.555:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.556:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
    :mozilla.484:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
    :mozilla.390:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    :mozilla.391:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    :mozilla.392:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    :mozilla.393:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ybkw28s2.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.583:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
    :mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ybkw28s2.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.55:C:\Documents and Settings\Owner\Application Data\Greyfirst\Celtx\Profiles\qwp5s7vh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.421:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.422:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.423:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.424:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.425:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.426:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.9:C:\Documents and Settings\Owner\Application Data\Greyfirst\Celtx\Profiles\qwp5s7vh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.290:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ybkw28s2.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\winhab32.dll -> Trojan.Agent.vg : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EXXSYIPA\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EXXSYIPA\bgates[2].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EXXSYIPA\bgates[3].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EXXSYIPA\bgates[4].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EXXSYIPA\bgates[5].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YG2GYYNX\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YG2GYYNX\bgates[2].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YG2GYYNX\bgates[3].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YG2GYYNX\bgates[4].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YG2GYYNX\bgates[5].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YG2GYYNX\bgates[6].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZUYEVRDS\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZUYEVRDS\bgates[2].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZUYEVRDS\bgates[3].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZUYEVRDS\bgates[4].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\win3CE.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).


    ::Report end



    this is from the windelf.txt:

    ************************
    * WIN32DELFKIL LOGFILE *
    ************************
    by Marckie


    BEFORE RUNNING WIN32DELFKIL
    ***************************

    File(s) found in Windows directory
    ----------------------------------

    File(s) found in system32 folder
    --------------------------------

    Export SharedTaskScheduler key
    ------------------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"
    "{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"


    sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00605
    ---------------------------------------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
    @="C:\\WINDOWS\\g12239546.dll"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InprocServer32]
    @="C:\\WINDOWS\\g12239546.dll"
    "ThreadingModel"="Apartment"



    Notify key
    ----------
    subkey cfgmngr32 is present!



    AFTER RUNNING WIN32DELFKIL
    **************************

    File(s) found in Windows directory
    ----------------------------------

    File(s) found in system32 folder
    --------------------------------
    Export SharedTaskScheduler key
    ------------------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"



    Notify key
    ----------
     
  13. JaPK

    Ok, then we'll continue...

    Download VundoFix.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=4

    * Double-click VundoFix.exe to run it.
    * Put a check next to Run VundoFix as a task.
    * You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will shutdown your computer, click OK.
    * Turn your computer back on

    Post a new HijackThis log and the contents of C:\vundofix.txt

    PS. Try if you can now save the HijackThis textfile...
     
    Last edited: Jul 6, 2006
  14. steinbeck

    Dang, I tried running it, but it would just freeze and close. I tried running it in safe mode too. Any suggestions?
     
  15. JaPK

    What froze, VundoFix or HijackThis?
     
  16. steinbeck

    Vundofix freezes, so does hijackthis.
     
  17. JaPK

    Ok, so we need to use some other tools first...


    Download eScan to your desktop -> http://www.spywareinfo.dk/download/mwav.exe
    Run the file mwav.exe and unzip it to its default location, C:\Kaspersky

    1. Updating the scanner (close the eScan window if open)
    -> Go to My Computer
    -> C:\
    -> Kaspersky
    -> Run the file kavupd.exe, it starts downloading updates
    -> When downloading is finished, go to C:\Downloads
    -> Copy all the files in the Downloads folder by pressing CTRL+A and then CTRL+C
    -> Then go back to the C:\Kaspersky folder and paste the files by pressing CTRL+V
    -> Answer Yes to all when it asks about replacing files
    -> Now the scanner has been updated

    2. Scanner settings
    -> Go to folder C:\Kaspersky and run the file mwavscan.com (or mwavscan.exe)
    -> The scanner window opens
    -> Select the same settings as in this picture -> http://koti.mbnet.fi/pattaya1/eScan6.jpg
    -> When ready, press the Scan Clean button
    -> Scanning for infections begins

    3. Posting the results
    -> When the scan has finished (the scan may take quite a long time), you'll need to post the findings
    -> DO NOT click the view a log button
    -> Copy all the text in this field http://koti.mbnet.fi/pattaya1/eScan10.jpg
    -> Click the field, press CTRL+A, CTRL+C
    -> Then open Notepad and paste the findings into a new document by pressing CTRL+V
    -> Save the document to your desktop
    -> Post the contents of that text file here
     
    Last edited: Jul 7, 2006
  18. steinbeck

    Is there a certain time when the eScan servers are up? When I run the updater file, a command script thing tries to connect and then it says it failed to make a connection. It says "Update failed, Press any key to continue" and when I press something the command box thing disappears.
     
  19. JaPK

    Ok, maybe you didn't allow eScan to connect to the internet through your firewall.

    We can use another scanner...

    Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    -> Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml
    -> Double-click the drweb-cureit.exe file and allow it to run the express scan
    -> This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    -> Once the short scan has finished, you should now mark the drives that you want to scan.
    -> Select all drives. A red dot shows which drives have been chosen.
    -> Click the green arrow at the right, and the scan will start.
    -> Click 'Yes to all' if it asks if you want to cure/move the file.

    -> When the scan has finished, check whether you can click this icon next to the files found [IMG]
    -> If so, click it and then click the next icon right below and select Move incurable
    -> After the scan, in the menu, click file and choose save report list
    -> Save the report to your desktop. The report will be called DrWeb.csv
    -> Close Dr.Web Cureit.
    -> Reboot the computer in Normal Mode,
    -> Post the Cure-it report and a fresh HijackThis log
     
  20. steinbeck

    Sorry for the long delay, my computer crashed and when I restarted all of my Firefox bookmarks were gone, so I was bummed and decided to leave the computer alone for a while. I disabled my firewall and ran the updates for mwav and scanned my system. Here's the log:

    File C:\PROGRA~1\SSTEM~1\wuauboot.exe infected by "Trojan-Downloader.Win32.PurityScan.co" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\dexplore.dll tagged as not-a-virus:AdWare.Win32.PurityScan.en. No Action Taken.
    File C:\Documents and Settings\Owner\Desktop\OiUninstaller.exe tagged as not-a-virus:AdWare.Win32.PurityScan.bu. No Action Taken.
    File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\emr6mmic.default\Cache\B23E4567d01 infected by "Trojan-Downloader.Win32.Agent.alr" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe infected by "Trojan-Downloader.Win32.PurityScan.co" Virus. Action Taken: File Deleted.
    File C:\Program Files\AIM\UninstallMM.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
    File C:\WINDOWS\system32\dexplore.dll tagged as not-a-virus:AdWare.Win32.PurityScan.en. No Action Taken.
     
