Alert leads to avsystemcare

Dave .... · October 6, 2007

I'm running Win-XP on a Pentium laptop and "found" this little jewel. I'm using the Yahoo security suite (by CA). The spy and virus scans don't find anything.

I haven't tried anything else, yet. What should I do.

Thanks for any help.

Dave

JeanInMontana · October 6, 2007

Hi Dave.... and welcome to Malwarebytes. Where did you find it? Is it in your Add/Remove programs? Details please.

Dave .... · October 6, 2007

Hi Dave.... and welcome to Malwarebytes. Where did you find it? Is it in your Add/Remove programs? Details please.

Hi Jean,

None of the scans I have run find anything - I get a pop-up every 5-10 minutes title "Windows Security Alert" and if I hit any key other than the NO button it opens a browser for AVSYSTEMCARE.

I have read a few of the threads here and didn't want to start without some guidance.

Thanks,

Dave

JeanInMontana · October 7, 2007

OK I need to see some logs. Please follow the instructions below just as they are listed.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy Be sure to use the immunize feature.

AVG AntiSpyware Be sure to "take action"

Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This!

You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

Dave .... · October 7, 2007

Tried twice and both time Spybot S&D locked up during the removal process. Task Manager said that it was "not responding". Is there something else I should do first?

Thanks,

Dave

JeanInMontana · October 7, 2007

It's the infection locking it up Dave. Move on to the AVG and Panda please and post those logs.

Dave .... · October 8, 2007

Here is the AVG log and the Panda is coming.

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 9:41:47 PM 10/7/2007

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55} -> Adware.Generic : Cleaned.

:mozilla.791:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.506:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.507:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.508:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.509:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.510:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.511:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.512:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.513:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.514:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.515:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.516:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.517:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.518:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.519:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.520:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.521:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.522:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.523:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.524:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.525:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.526:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.527:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.528:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.529:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.530:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.531:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.532:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.533:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.534:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.535:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.536:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.537:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.538:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.539:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.540:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.541:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.542:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.543:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.544:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.545:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.546:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.547:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.548:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.549:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.550:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.551:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.552:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.553:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.554:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.555:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.556:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.740:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.741:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Dave\Cookies\dave@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.804:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.805:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.664:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.665:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.666:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.667:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.668:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.669:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.670:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.671:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.672:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.193:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.195:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.196:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.197:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.198:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.75:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.269:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.

:mozilla.270:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.

:mozilla.271:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.

:mozilla.904:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.

:mozilla.661:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.662:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.663:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.87:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.89:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.91:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.93:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.94:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.95:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.96:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.97:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.437:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.

:mozilla.285:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.68:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.

:mozilla.69:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.

:mozilla.39:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.601:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.602:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.603:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.604:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.234:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.244:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.369:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.438:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.643:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.758:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.889:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.228:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.229:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.231:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.717:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.719:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.720:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.721:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.722:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.759:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.760:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.762:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.801:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.837:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.685:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.

:mozilla.896:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.897:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.100:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Information : Cleaned.

:mozilla.98:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Information : Cleaned.

:mozilla.99:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Information : Cleaned.

:mozilla.178:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.179:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.366:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.367:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.660:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.267:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.268:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.71:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.

:mozilla.44:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.45:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.46:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.47:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.569:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.

:mozilla.61:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.62:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.63:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.64:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.65:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.66:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.67:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

C:\Documents and Settings\Dave\Cookies\dave@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.83:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.

:mozilla.84:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.

:mozilla.85:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.

:mozilla.86:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.

:mozilla.213:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.214:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.376:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.377:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.378:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.379:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.380:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.381:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.382:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.90:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.

:mozilla.92:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.

:mozilla.286:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.287:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.288:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.289:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.290:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.291:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.292:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.293:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.294:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.295:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.296:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.297:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.298:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.299:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.300:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.787:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.788:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.789:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.790:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.818:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.819:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.820:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.821:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.822:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.823:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.308:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.309:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.310:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.311:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.312:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.313:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.314:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.315:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.318:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.319:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.320:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.321:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.322:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.323:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.324:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.325:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.326:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.327:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.328:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.329:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.330:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.331:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.332:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.333:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.334:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.335:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.336:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.337:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.338:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.339:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.340:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.140:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.141:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.172:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.175:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.176:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.192:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\Dave\Cookies\dave@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.76:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Documents and Settings\Dave\Cookies\dave@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.706:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.

:mozilla.707:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.

:mozilla.362:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.363:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.364:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.26:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.27:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.28:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.29:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.30:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\Dave\Cookies\dave@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.496:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.497:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.499:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.500:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.501:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.502:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

C:\WINDOWS\svhjdsah.exe -> Trojan.Small.rt : Cleaned.

::Report end

Dave .... · October 8, 2007

And here is the Panda scan report

Incident Status Location

Adware:Adware/WinAntiVirus2007 Not disinfected c:\windows\system32\winavxx.exe

Adware:Adware/WinAntiVirus2007 Not disinfected C:\WINDOWS\system32\vtr.dll

Adware:Adware/WinAntiVirus2007 Not disinfected C:\WINDOWS\system32\printer.exe

Adware:Adware/WinAntiVirus2007 Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe

Adware:Adware/WinAntiVirus2007 Not disinfected C:\Documents and Settings\Dave\Start Menu\Programs\Startup\system.exe

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.overture.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[searchportal.information.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.advertising.com/]

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.did-it.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.com.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[server.iad.liveperson.net/hc/42100874]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[server.iad.liveperson.net/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.gostats.com/]

Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.clickbank.net/]

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.toplist.cz/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.zedo.com/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.atwola.com/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.target.com/]

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[counter.hitslink.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.247realmedia.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\9k83tgdz.default\cookies.txt[www.burstbeacon.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dave\Cookies\dave@tribalfusion[1].txt

Adware:Adware/WinAntiVirus2007 Not disinfected C:\WINDOWS\system32\sulimo.dat

JeanInMontana · October 8, 2007

I need the HJT log Dave.

Dave .... · October 8, 2007

Oops ...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:51:15 AM, on 10/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\Yahoo!\YOP\yop.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Microsoft Office\Office10\EXCEL.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser

O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - Startup: system.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: autorun.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B51F85B2-9034-47EF-B31F-3816F0949A97}: NameServer = 192.168.1.1,4.2.2.2

O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--

End of file - 9010 bytes

JeanInMontana · October 8, 2007

OK here we go. Turn off the Tea Timer function in Spybot Search & Destroy.

Please run HJT again and put a check next to the following items.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat

Click fix and OK. Close HJT and get this program

1. Download this file :

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:

Do not mouseclick combofix's window while its running. That may cause it to stall

Dave .... · October 8, 2007

When I did this HJT acknowledged that 5 items wer checked. I hit OK and got 2 errors the "registry editing denied by adminstrator". How do I correct that?

JeanInMontana · October 8, 2007

You have to be logged on as the administrator of the machine. You need to do that for all this process.

Dave .... · October 8, 2007

You have to be logged on as the administrator of the machine. You need to do that for all this process.

The "Control Panel" icon is no longer in the start menu, I tried the "change program settings" and I got "disallowed due to controls in effect" or something like that. I feel hidiously hosed. OY!

JeanInMontana · October 8, 2007

Umm wow.... this is a new one on me. Give ComboFix a try and see if it runs. Is the Control Panel icon in MyComputer? Maybe your start menu style has gotten changed?

Dave .... · October 9, 2007

Umm wow.... this is a new one on me. Give ComboFix a try and see if it runs. Is the Control Panel icon in MyComputer? Maybe your start menu style has gotten changed?

Here is the ComboFix log, followed by the HJT log:

ComboFix 07-10-09.3 - Dave 2007-10-08 20:12:23.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.37 [GMT -7:00]

Running from: C:\Downloads\software\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe

C:\Documents and Settings\Dave\Start Menu\Programs\Startup\system.exe

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\vtr.dll

C:\WINDOWS\system32\WinAvXX.exe

.

((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))

.

2007-10-08 20:09 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-08 11:49 <DIR> d-------- C:\Program Files\Trend Micro

2007-10-07 22:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-10-07 22:19 <DIR> C:\WINDOWS\LastGood.Tmp

2007-10-07 22:01 <DIR> d-------- C:\Program Files\ActiveX Control Pad

2007-10-07 22:01 169,984 --a------ C:\WINDOWS\system32\P2D.DLL

2007-10-07 22:01 161,552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL

2007-10-07 22:01 57,344 --a------ C:\WINDOWS\system32\COMMTB32.DLL

2007-10-07 22:01 28,672 --a------ C:\WINDOWS\system32\HLP95EN.DLL

2007-10-07 08:55 12,288 --a------ C:\WINDOWS\mraerea.exe

2007-10-07 05:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-10-06 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-10-03 21:41 <DIR> d-------- C:\Program Files\Lavasoft

2007-10-03 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-10-03 21:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-10-02 17:21 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-10-02 17:15 <DIR> d-------- C:\Documents and Settings\Dave\.housecall6.6

2007-09-30 21:06 <DIR> d-------- C:\Program Files\XoftSpySE

2007-09-30 21:02 <DIR> d-------- C:\Program Files\RogueRemover FREE

2007-09-30 15:57 8,364 --a------ C:\WINDOWS\system32\sulimo.dat

2007-09-29 15:44 <DIR> d-------- C:\Program Files\Apple Software Update

2007-09-29 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2007-09-29 00:32 <DIR> d-------- C:\Program Files\Thumb Maker

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-07 12:58 --------- d-----w C:\Program Files\Yahoo!

2007-10-07 12:58 --------- d-----w C:\Program Files\Common Files\Scanner

2007-09-29 22:47 --------- d-----w C:\Program Files\QuickTime

2007-09-29 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-09-29 19:43 --------- d-----w C:\Program Files\PokerStars

2006-11-26 22:05 46,608 ----a-w C:\Documents and Settings\Dave\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-30 21:02]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-30 20:58]

"SoundMan"="SOUNDMAN.EXE" [2003-02-10 00:59 C:\WINDOWS\SOUNDMAN.EXE]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-06 01:28]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-06 01:26]

"PCTVOICE"="pctspk.exe" [2003-04-06 22:41 C:\WINDOWS\system32\pctspk.exe]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]

"AGRSMMSG"="AGRSMMSG.exe" [2003-07-24 20:22 C:\WINDOWS\AGRSMMSG.exe]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 11:31]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 02:50]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]

"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" []

"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 21:37:56]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2006-08-13 23:13:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\WINDOWS\system32\sulimo.dat

R3 WBFIRDMA;Winbond Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\wbfirdma.sys

S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS

S3 U2SP;OEM USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys

S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver;C:\WINDOWS\system32\DRIVERS\w70n51.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba8ca3f2-ad43-11d9-bc6a-806d6172696f}]

AutoRun\command - E:\select.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-10-09 05:18:38 C:\WINDOWS\Tasks\XoftSpySE 2.job"

"2007-10-06 15:49:15 C:\WINDOWS\Tasks\XoftSpySE.job"

.

**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-08 22:19:04

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-10-08 22:51:40 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-10-08 22:51

.

--- E O F ---

=========================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:54:51 PM, on 10/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\Yahoo!\YOP\yop.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\WINDOWS\mraera.exe

C:\WINDOWS\system32\notepad.exe