More Virtumonde


JFixer

Okay, here goes... Let's see if I got all this right.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:35:29 AM, on 12/13/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)

O2 - BHO: (no name) - {477a596d-ee01-47ed-8760-a4755f6c6c4a} - C:\WINDOWS\system32\vinijubo.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E1FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\JACOBH~1\LOCALS~1\Temp\2007215125612_mcappins.exe /v=3 /cleanup

O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JACOBH~1\LOCALS~1\Temp\200721512568_mcinfo.exe /insfin

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Jacob Helmer\Application Data\Mozilla\Firefox\Profiles\zps0eepf.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Jacob Helmer\Application Data\Mozilla\Firefox\Profiles/zps0eepf.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [vokotisive] Rundll32.exe "C:\WINDOWS\system32\powihiza.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\dapogiyo.dll c:\windows\system32\woyurujo.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\woyurujo.dll (file missing)

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--

End of file - 10649 bytes

======================

Malwarebytes' Anti-Malware 1.31

Database version: 1494

Windows 5.1.2600 Service Pack 3

12/13/2008 3:57:57 AM

mbam-log-2008-12-13 (03-57-57).txt

Scan type: Quick Scan

Objects scanned: 52814

Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 6

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\dapogiyo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{477a596d-ee01-47ed-8760-a4755f6c6c4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{477a596d-ee01-47ed-8760-a4755f6c6c4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{477a596d-ee01-47ed-8760-a4755f6c6c4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vokotisive (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dapogiyo.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\dapogiyo.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dapogiyo.dll -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\vinijubo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dapogiyo.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\gofubeva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hulasinu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mehitase.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jacob Helmer\Local Settings\Temporary Internet Files\Content.IE5\0DSZLWMF\style[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

======================

;*******************************************************************************

ANALYSIS: 2008-12-13 06:28:53

PROTECTIONS: 1

MALWARE: 8

SUSPECTS: 3

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

AVG 7.5.552 7.5.552 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Cookies\jacob_helmer@247realmedia[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Cookies\jacob_helmer@tribalfusion[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt[.tribalfusion.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[ad.yieldmanager.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Application Data\Sony Online Entertainment\SOEDBrowser\Profiles\4jb6cike.default\cookies.txt[.bs.serving-sys.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Cookies\jacob_helmer@ads.pointroll[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Cookies\jacob_helmer@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jacob Helmer\Cookies\jacob_helmer@questionmarket[1].txt

;===============================================================================

SUSPECTS

Sent Location 9

;===============================================================================

Yes C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F1438T1L1\setup_gF1438T1L1_d245800390_l1_s1.exe[


I've done some more work with the Malwarebytes program, and it's no longer hijacking my browser, but I still have it show up in my Spyware scan. I need help to get rid of this sucker.

Looks like I may have fixed this by removing all 'unnamed' files from the list...

