View Full Version : CoolWWWsearch.WCADW and .Yexe
Spybot keeps finding and deleting the following problems, but they always come back
Advertising.com
Avenue A, INC
CoolWWWSearch.WCADW
CoolWWWSearch.Yexe
DoubleClick
This is my hijack log
thanks for your help
Logfile of HijackThis v1.99.1
Scan saved at 8:12:14 PM, on 1/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\paytime.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LSASS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gaim\gaim.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\inet20010\winlogon.exe
C:\PROGRA~1\iLinc\Client\bin\llpush.exe
C:\Programs\Firefox\firefox.exe
C:\WINDOWS\inet20010\mm4.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\antispyware\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msoff.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
O4 - HKLM\..\Run: [LLPush] C:\PROGRA~1\iLinc\Client\bin\llpush.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: msupdate - C:\WINDOWS\
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_13.dll
O21 - SSODL: qBsmUumYlXemU - {742D3010-DE87-9ABA-60D1-8D2083AC9ADA} - C:\WINDOWS\system32\vc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
hi
that log looks badly infected, looks like there are several backdoors, keyloggers and viruses. you may want to contact you bank and credit card company for possible unauthorised transactions!!
IMPORTANT- You need to disconnect this PC from the internet and from your network if it is on a network. Then, access this information from a non-compromised computer to follow the steps needed.
you need to take steps to protect your information that may have been compromised. I recommend these steps for action:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
this is something i dont like to recommend normally, but with a computer this badly infected it would be the best solution for your safety to format the drive and do a fresh install of the operation system.. consider this especially if there is important or confidential information stored on your hard disk
if you still wish to continue cleaning this, it would be best to use another computer to download the necessary tools and to read this forum
if you choose to clean it follow these steps:
Download and Save Blacklight (http://www.f-secure.com/blacklight/try.shtml) to your desktop:
Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next
You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"O
then
Please download ewido security suite (http://www.ewido.net/en/download/) it is a free version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck..
Install background guard
Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates (http://www.ewido.net/en/download/updates/)
Once the updates are installed do the following:
reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
then launch ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.
so what i want is :
the ewido report
the blacklight log
and a fresh hijackthis log
good luck, whatever you decide
Hi, thanks a lot for your help
(I decided to try this and if it doesn't work it's reinstalling windows for me)
sbybot found no viruses on my computer, so that sounds hopeful
I do have a roommate on my network . . . should I run these programs on her computer as well?
My computer seems to be running a little slow still, so i wouldn't be surprised if everything wasn't gone.
Here is my new Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:22:41 AM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\antispyware\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msoff.exe
O4 - HKLM\..\Run: [LLPush] C:\PROGRA~1\iLinc\Client\bin\llpush.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: msupdate - C:\WINDOWS\
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_13.dll (file missing)
O21 - SSODL: qBsmUumYlXemU - {742D3010-DE87-9ABA-60D1-8D2083AC9ADA} - C:\WINDOWS\system32\vc.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
this is my fsbl-xxxxxxxx.log
02/02/06 23:08:57 [Info]: BlackLight Engine 1.0.30 initialized
02/02/06 23:08:57 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/02/06 23:08:58 [Note]: 7019 4
02/02/06 23:08:58 [Note]: 7005 0
02/02/06 23:09:16 [Note]: 7006 0
02/02/06 23:09:16 [Note]: 7011 200
02/02/06 23:09:16 [Note]: FSRAW library version 1.7.1014
02/02/06 23:30:53 [Note]: 7007 0
and THIS is my ewido scan
(I had to post twice becasue it was too long)
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 12:18:51 AM, 2/3/2006
+ Report-Checksum: DB44289A
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1547161642-412668190-725345543-1003\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1547161642-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\jhi2agsk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Marissa\Cookies\marissa@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Marissa\Cookies\marissa@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Marissa\Local Settings\Temp\kykdsngd.exe -> Hijacker.Small.cc : Cleaned with backup
C:\Documents and Settings\Marissa\Local Settings\Temporary Internet Files\Content.IE5\L4QOS5XA\runfile[1].exe -> Hijacker.Small.cc : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Logger.Agent.jo : Cleaned with backup
C:\WINDOWS\inet20010\3.00.13.dll -> Spyware.Ihbo : Cleaned with backup
C:\WINDOWS\inet20010\3.01.00.dll -> Spyware.Ihbo : Cleaned with backup
and some more of it . . . .
C:\WINDOWS\inet20010\alg.exe.bak -> Worm.Delf.i : Cleaned with backup
C:\WINDOWS\inet20010\mm4.exe -> Logger.Delf.ig : Cleaned with backup
C:\WINDOWS\inet20010\mm4.exe.bak -> Logger.Delf.ig : Cleaned with backup
C:\WINDOWS\inet20010\winlogon.exe -> Downloader.CWS.s : Cleaned with backup
C:\WINDOWS\system32\dcom_13.dll -> Trojan.Agent.nl : Cleaned with backup
:mozilla.36:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.38:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.46:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.47:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.48:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.49:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.50:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.51:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.60:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.61:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.62:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.63:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.64:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.65:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.66:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.82:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.90:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.92:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.140:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.184:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.185:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.186:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.187:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.188:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.197:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.198:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.199:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.200:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.201:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.202:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.203:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.204:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.205:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.206:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.207:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.208:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.210:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.213:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.215:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.218:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.219:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.220:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.221:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.222:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.223:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.225:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.226:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.227:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.228:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.229:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.231:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.232:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.233:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.234:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.235:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.236:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.237:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.238:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.239:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.240:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.241:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.242:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.243:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.244:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.245:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.246:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.247:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.248:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.249:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.250:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.251:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.252:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.253:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.254:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.255:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.256:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.284:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.285:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.287:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.307:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.315:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.317:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.318:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.335:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.358:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.359:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.360:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.361:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.362:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.363:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.364:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.365:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt ->
and the last of it
(hopefully most of the cookies you don't really have to look at, thanks again for the help)
Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.366:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.367:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.378:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.379:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.389:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.390:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.407:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.408:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.409:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.414:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.418:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.423:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.441:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.455:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.462:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.478:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.479:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.485:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.486:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.487:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.488:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.489:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.498:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.499:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.500:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.553:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.564:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.566:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.568:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.581:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.582:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.583:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.584:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.585:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.586:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.587:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.588:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.589:E:\Documents and Settings\Marissa\ApplicationData\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.590:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.591:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.592:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.593:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.594:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.595:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.596:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.597:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.598:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.599:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.603:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.604:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.605:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.606:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.608:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.619:E:\Documents and Settings\Marissa\ApplicationData\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.620:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.628:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.662:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.663:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.664:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.697:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.698:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.701:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.714:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.715:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.721:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.731:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.732:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.735:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.749:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.750:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.751:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.752:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.759:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.760:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.761:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.767:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.773:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.785:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.792:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.821:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.826:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.827:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.839:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.849:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.854:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.855:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.866:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.867:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.878:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.879:E:\Documents and Settings\Marissa\Application Data\Mozilla\Firefox\Profiles\909s2duz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.6:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.8:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.9:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.10:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.11:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.12:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.13:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.14:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.15:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.16:E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
E:\Documents and Settings\Marissa\Cookies\marissa@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
E:\Documents and Settings\Marissa\Cookies\marissa@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
E:\Documents and Settings\Marissa\Cookies\marissa@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
E:\Documents and Settings\Marissa\Cookies\marissa@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
E:\Documents and Settings\Marissa\Cookies\marissa@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
E:\Program Files\My Love\71793066.INS -> Backdoor.IRC.Mox.a : Cleaned with backup
E:\Program Files\My Love\v1r3 -> Backdoor.IRC.Mox.a : Cleaned with backup
E:\Program Files\My Love\v1r5 -> Worm.Randon.ar : Cleaned with backup
E:\Program Files\My Love\x -> Worm.Randon.aa : Cleaned with backup
::Report End
Thank you sooooo much
hi
open hijackthis, click do a system scan only
checkmark these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msoff.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O20 - Winlogon Notify: msupdate - C:\WINDOWS\
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_13.dll (file missing)
O21 - SSODL: qBsmUumYlXemU - {742D3010-DE87-9ABA-60D1-8D2083AC9ADA} - C:\WINDOWS\system32\vc.dll (file missing)
then close all browser and explorer windows
so that only hjt is running
and click fix checked
enable showing of system and hidden files:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
make sure to rehide them once were through here ;)
Reboot into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode (http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo)
locate and delete the following files and folders, if still there:
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe<<--this file
C:\WINDOWS\inet20010<<--this folder
C:\WINDOWS\system\ctldlg32.dll<<--this file
C:\WINDOWS\system32\msoff.exe<<--this file
C:\WINDOWS\system32\dcom_13.dll<<--this file
C:\WINDOWS\system32\vc.dll<<--this file
reboot back to normal mode
do an online virus scan:
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
also post a fresh hjt log
Ok, i did all that and my computer seems to be working quite a bit better
however kaspersky say it found some viruses
this is my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 10:07:36 AM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programs\Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\antispyware\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LLPush] C:\PROGRA~1\iLinc\Client\bin\llpush.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
This is the Kaspersk scan:
Scan Statistics:
Total number of scanned objects: 201697
Number of viruses found: 11
Number of infected objects: 43
Number of suspicious objects: 0
Duration of the scan process: 4396 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Marissa\Local Settings\Temp\jav542.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Marissa\My Documents\comuter stuff\americanbeauty_d.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.j
C:\Documents and Settings\Marissa\My Documents\comuter stuff\americanbeauty_d.exe/WISE0015.BIN/data0002 Infected: not-a-virus:AdWare.Win32.Sidesearch.d
C:\Documents and Settings\Marissa\My Documents\comuter stuff\americanbeauty_d.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Sidesearch.d
C:\Documents and Settings\Marissa\My Documents\comuter stuff\americanbeauty_d.exe Infected: not-a-virus:AdWare.Win32.Sidesearch.d
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From KSU Student Nurse! <cwiland@kent.edu>][Date Sat, 10 Jul 2004 04:50:40 -0400]/text/[From dboyd1@kent.edu][Date Sun, 26 Sep 2004 18:57:12 -0400]/text/[From FROM_ENDS_IN_NUMS, HTML_50_60, HTML_FONTCOLOR_UNSAFE, HTML_IMAGE_ONLY_04,][Date Sun, 26 Sep 2004 03:46:39 -0300]/html Infected: Trojan-Spy.HTML.Smitfraud.c
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From KSU Student Nurse! <cwiland@kent.edu>][Date Sat, 10 Jul 2004 04:50:40 -0400]/text/[From dboyd1@kent.edu][Date Sun, 26 Sep 2004 18:57:12 -0400]/text Infected: Trojan-Spy.HTML.Smitfraud.c
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From KSU Student Nurse! <cwiland@kent.edu>][Date Sat, 10 Jul 2004 04:50:40 -0400]/text Infected: Trojan-Spy.HTML.Smitfraud.c
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Robin Brundage <rbrundag@kent.edu>][Date Tue, 05 Oct 2004 01:37:31 -0400]/text/[From landrews <landrews@kent.edu>][Date Thu, 07 Oct 2004 21:42:09 -0400]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 08 Oct 2004 00:31:40 -0400]/html Infected: Trojan-Spy.HTML.Bankfraud.v
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Robin Brundage <rbrundag@kent.edu>][Date Tue, 05 Oct 2004 01:37:31 -0400]/text/[From landrews <landrews@kent.edu>][Date Thu, 07 Oct 2004 21:42:09 -0400]/text Infected: Trojan-Spy.HTML.Bankfraud.v
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Robin Brundage <rbrundag@kent.edu>][Date Tue, 05 Oct 2004 01:37:31 -0400]/text Infected: Trojan-Spy.HTML.Bankfraud.v
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAM ... /[From Washington@kent.edu, Mutual@kent.edu, "Inc." <custservice_1@wamu.com>][Date Tue, 23 Nov 2004 21:08:32 +0400]/html Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin < ... /[From Debbie Wallin ... /[From gemkat@adelphia.net][Date Mon, 22 Nov 2004 09:26:16 -0500]/text Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin < ... /[From Debbie Wallin <DEBWALLIN@worldnet.att.net>][Date Mon, 22 Nov 2004 06:16:25 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin < ... /[From Debbie Wallin <DEBWALLIN@worldnet.att.net>][Date Thu, 11 Nov 2004 06:31:06 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin < .. . ... ... /[From eric matheny <matheny54@hotmail.com>][Date Tue, 09 Nov 2004 18:12:23 +0000]/text Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin < .. . ... /[From SSG Elizabeth Moten <emoten@kent.edu>][Date Tue, 09 Nov 2004 15:41:23 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin < .. . ... /[From SSG Elizabeth Moten <emoten@kent.edu>][Date Tue, 09 Nov 2004 15:51:15 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin < .. ... ... /[From Michael McLaughlin <mmclaugh@kent.edu>][Date Sun, 07 Nov 2004 21:57:51 -0500]/text Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin < .. ... /[From Val Lindon <jumpintrumbies@hotmail.com>][Date Sun, 07 Nov 2004 22:38:24 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin < ... /[From Debbie Wallin <DEBWALLIN@worldnet.att.net>][Date Sat, 06 Nov 2004 08:50:05 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED/[From Debbie Wallin <DEBWALLIN@worldnet.att.net>][Date Sat, 06 Nov 2004 08:54:14 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED/[From Mikeastuart@aol.com][Date Mon, 01 Nov 2004 23:18:06 -0500 (EST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Mon, 25 Oct 2004 16:14:16 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED/[From Flashline Message <flashline.announcement@kent.edu>][Date Sun, 24 Oct 2004 01:21:56 -0400 (EDT)]/text Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash/[From Michael McLaughlin <mmclaugh@kent.edu>][Date Fri, 22 Oct 2004 14:33:20 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Documents and Settings\Marissa\Application Data\Thunderbird\Profiles\jbtxz5fy.default\Mail\Local Folders\Trash Infected: Trojan-Spy.HTML.Bankfraud.w
E:\Program Files\My Love\mirc.ini Infected: Backdoor.IRC.Sliv.a
E:\Program Files\My Love\v1r1 Infected: Backdoor.IRC.Zapchast
E:\Program Files\My Love\v1r10 Infected: Backdoor.IRC.Sliv.a
E:\Program Files\My Love\v1r6 Infected: Backdoor.IRC.Sliv.a
E:\Program Files\My Love\v1r8 Infected: Backdoor.IRC.Sliv.a
E:\WINDOWS\Temp\lon.exe/c4nn0t.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603
E:\WINDOWS\Temp\lon.exe/mirc.ini Infected: Backdoor.IRC.Sliv.a
E:\WINDOWS\Temp\lon.exe/v1r1 Infected: Backdoor.IRC.Zapchast
E:\WINDOWS\Temp\lon.exe/v1r10 Infected: Backdoor.IRC.Sliv.a
E:\WINDOWS\Temp\lon.exe/v1r3 Infected: Net-Worm.Win32.Randon.ar
E:\WINDOWS\Temp\lon.exe/v1r5 Infected: Backdoor.IRC.Zapchast
E:\WINDOWS\Temp\lon.exe/v1r6 Infected: Backdoor.IRC.Sliv.a
E:\WINDOWS\Temp\lon.exe/v1r8 Infected: Backdoor.IRC.Sliv.a
E:\WINDOWS\Temp\lon.exe/x Infected: Backdoor.IRC.Sliv.a
E:\WINDOWS\Temp\lon.exe/island.exe Infected: not-a-virus:RiskTool.Win32.HideWindows
E:\WINDOWS\Temp\lon.exe Infected: not-a-virus:RiskTool.Win32.HideWindows
hi
lots of infected emails, you might want to delete those
and irc backdoors.. well thas more serious
do you have mirc installed, is it here E:\Program Files\My Love\?
seems to be script driven to act as a backdoor
also this file: E:\WINDOWS\Temp\lon.exe
could you upload that file to http://www.thespykiller.co.uk/forum/index.php?board=1.0
no need to register
just go there, press new topic, include in your message a link to here, then use the browse button to browse to E:\WINDOWS\Temp\lon.exe
and attach it
then post the topic
i need to take a closer look at the file
btw the log looks clean :)
just some final checks
Hi
I deleted E:\Program Files\My Love\
i'm pretty sure i used to have mirc, but i don't ever use it anymore, i think it's on another hard drive . . . .
E:\WINDOWS\Temp\lon.exe is at http://www.thespykiller.co.uk/forum/index.php?topic=1143.0
I also deleted those e-mails
Thanks again, I am so greatful
my computer runs like new again :)
hi
post a final hijackthis log :D
also your AVG, is it working properly ? updating, scanning ?
hi, I'm a little sad because spybot seems to be picking up a bunch of adware again. I delet it, and it is right there . . .
I'm not going to any weird websites and i'm not downloading anything right now cause I'm freaked out about getting a virus . . .
anyway this is my hijackthis log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programs\Firefox\firefox.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\antispyware\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LLPush] C:\PROGRA~1\iLinc\Client\bin\llpush.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Yes AVG is working properly, and updating. Also, my computer works much better, so you got the really bad stuff . . .
thanks
hi
looks like i need to see that spybot report
go here:
http://forums.spybot.info/showthread.php?t=288
for instructions on how to post it
i trust you did the spybot scan in safe mode, it will remove a whole lot of more stuff in safe mode...
hi, I scaned in advanced mode? Is that the same thing?
Sorry it took so long to reply
this is my spybot report:
-- Search result list ---
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
ValueClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
ValueClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-01-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-02-03 Includes\Cookies.sbi (*)
2006-02-03 Includes\Dialer.sbi (*)
2006-02-03 Includes\Hijackers.sbi (*)
2006-02-03 Includes\Keyloggers.sbi (*)
2006-02-03 Includes\Malware.sbi (*)
2006-02-03 Includes\PUPS.sbi (*)
2006-02-03 Includes\Revision.sbi (*)
2006-02-03 Includes\Security.sbi (*)
2006-02-03 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-02-03 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
hi
those are just cookies, while the offend your privacy it is not a serious security risk..
this list i'm about to post contains software to prevent spyware cookies, read on :
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and reenable system restore here:
Managing Windows Millenium System Restore (http://www.bleepingcomputer.com/forums/tutorial63.html)
or
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Reenable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topict405.html)
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/tutorial60.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/tutorial43.html)
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/tutorial48.html)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
here are some additional utilities that will enhance your safety
IE/Spyad (https://netfiles.uiuc.edu/ehowes/www/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
hi
as the problem here is resolved this topic will now be archived
contact the forum staff to get it reopened
glad we could help :)