Problems with unwanted pop-up ads [RESOLVED]
Marsu
post Oct 9 2007, 05:42 PM
Post #1


OS: Windows XP



Hello,

I’m hoping that you can help me. For the past few days, I’ve had a problem with unwanted pop-up ads (Broadcaster.com, WinAntiVirusPro, Search.ebay, etc.) and dialog boxes (mostly asking if I want a free system scan). I have run a few anti-spyware programs (Spybot, Ad-Aware, VundoFix), which removed a number of files, but the pop-ups still appear. I think one of the malicious files is vturo.dll, which I could not remove using VundoFix and Killbox. Also, yesterday VundoFix located two other bad files, ifvfbsup.dll and kblfexho.dll, but could not remove them.

I followed your instructions prior to posting. I ran ATF Cleaner and created a new system restore point. I ran AVG Anti-Spyware (found 204 bad files; report is below) and SUPERAntiSpyware (which found no harmful files). However, I was having trouble running Panda ActiveScan – I tried a few times, but my IE browser gets hung up and locks during the scan (and ActiveScan does not work with Firefox). I’ll keep trying to run a report and will post if successful. I’m also up to date with my Windows updates.

Below is my HijackThis log and AVG Anti-Spyware report. I hope this is enough information for you to help get started in resolving the problem. Any help would be greatly appreciated!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:57 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\HJT\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {307EEA20-9742-44DB-A21E-B7BA9FFB68B5} - C:\WINDOWS\system32\vturo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136906757046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ololqiti.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8121 bytes


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:07:10 PM 10/8/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eXactAdvertisingFuncade -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\AtlBrowser.EXE -> Adware.Ezula : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Offer -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-3708163554-466676748-1739137079-1007\Software\Web Offer -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-3708163554-466676748-1739137079-1007\Software\Web Offer\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-3708163554-466676748-1739137079-1007\Software\Web Offer\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-3708163554-466676748-1739137079-1007\Software\Web Offer\Setup\Path -> Adware.Ezula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056987.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056988.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056991.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056995.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061492.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\rqropno.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\WinAble\winable.exe -> Downloader.Adload.lv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061409.exe -> Downloader.Adload.lv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061915.exe -> Downloader.Age : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056989.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056996.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\Documents and Settings\Mark\Application Data\Microsoft\rayiou.exe -> Downloader.Agent.buo : Cleaned with backup (quarantined).
C:\Documents and Settings\Mark\Application Data\WinTouch\WinTouch.exe -> Downloader.Agent.buo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056970.exe -> Downloader.Agent.buo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056973.exe -> Downloader.Agent.cbx : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/b122.exe -> Downloader.Agent.dpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061407.exe -> Downloader.Agent.dpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061855.exe -> Downloader.Agent.dpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061866.exe -> Downloader.Agent.dpn : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/retadpu572.exe.tmp -> Downloader.Agent.dvd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056999.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP589\A0057767.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Yazzle1122OinAdmin.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/b128.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061853.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061856.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061867.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061871.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061490.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\mxjkydch.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/b02FdUe1065.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056997.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP589\A0057765.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061858.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061865.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056983.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061860.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061870.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.260:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.261:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.262:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.643:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.140:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.141:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.142:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.143:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.312:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.313:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.314:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.315:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.573:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.650:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.64:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.65:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.66:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.67:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.328:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.329:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.330:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.455:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.519:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.520:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.521:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.527:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.528:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.529:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.195:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.196:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.197:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\iwa0xh1u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Insider\Insider.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/b147.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061857.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061868.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061408.exe -> Trojan.Agent.bqn : Cleaned with backup (quarantined).
C:\WINDOWS\msstasks.exe -> Trojan.Killav.db : Cleaned with backup (quarantined).
C:\WINDOWS\mstasks2.exe -> Trojan.Killav.db : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0056984.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP589\A0057754.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061903.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061917.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0061956.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

JSntgRvr
post Oct 15 2007, 07:25 PM
Post #2


Global Moderator
Posts: 6,769
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, Marsu

Welcome to Geeks to Go.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Please download VundoFix.exe to your desktop.

Note: In the event you already have Vundofix, this is a new version that I need you to download.
  • Double-click VundoFix.exe to run it.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Download ComboFix from Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply along with a Hijackthis log.
  • Click Close to exit the program.
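A check on the C:\vundofix.txt log that the VundoFix steps above ask for, as an added example that is not part of the original post or of VundoFix itself: it reads the "Listing files found" and "Beginning removal" sections, in the format of the log posted later in this thread, and reports every file that was found but has no "Has been deleted!" line. The sample log and its file names are constructed, and treating a missing confirmation as "still needs attention" is an assumption of this example.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive) on any host OS

# Constructed sample in the layout of the VundoFix log shown in this thread.
# File names are made up. The second file is confirmed with different casing,
# and the third has no deletion confirmation at all.
SAMPLE_LOG = r"""VundoFix V6.5.10

Scan started at 10:53:10 PM 10/15/2007

Listing files found while scanning....

C:\windows\system32\aaaexmpl.dll
C:\WINDOWS\system32\bbbexmpl.ini
C:\windows\system32\cccexmpl.dll

Beginning removal...

Attempting to delete C:\windows\system32\aaaexmpl.dll
C:\windows\system32\aaaexmpl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbbexmpl.ini
C:\windows\system32\bbbexmpl.ini Has been deleted!

Attempting to delete C:\windows\system32\cccexmpl.dll

Performing Repairs to the registry.
Done!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
ATTEMPT_RE = re.compile(r"^Attempting to delete (?P<path>[A-Za-z]:\\.+)$")
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Has been deleted!$")


def parse_vundofix_log(text):
    """Return (found, attempted, deleted) keyed by case-normalised path.

    found maps the normalised path to the spelling used in the log;
    attempted and deleted are sets of normalised paths.
    """
    found, attempted, deleted = {}, set(), set()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Listing files found"):
            section = "found"
        elif line.startswith("Beginning removal"):
            section = "removal"
        elif line.startswith("Performing Repairs"):
            section = None
        elif section == "found" and PATH_RE.match(line):
            found.setdefault(normcase(line), line)
        elif section == "removal":
            attempt = ATTEMPT_RE.match(line)
            confirmed = DELETED_RE.match(line)
            if attempt:
                attempted.add(normcase(attempt.group("path")))
            elif confirmed:
                deleted.add(normcase(confirmed.group("path")))
    return found, attempted, deleted


def triage(text):
    """Summarise which found files were confirmed deleted and which were not."""
    found, attempted, deleted = parse_vundofix_log(text)
    return {
        "found": len(found),
        "deleted": [p for k, p in found.items() if k in deleted],
        # Found by the scan but never confirmed as deleted.
        "unresolved": [p for k, p in found.items() if k not in deleted],
        # Found by the scan but no removal attempt was logged.
        "never_attempted": [p for k, p in found.items() if k not in attempted],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['found']} file(s) found, {len(report['deleted'])} confirmed deleted")
    for path in report["unresolved"]:
        print("no deletion confirmation:", path)
```

Paths are compared case-insensitively because the log mixes `C:\windows` and `C:\WINDOWS` spellings for the same directory.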
Marsu
post Oct 16 2007, 06:00 PM
Post #3


Member
**
Posts: 10
OS: Windows XP



Dear JSntgRvr,

Thanks so much for your detailed response! Per your instruction, I upgraded my Java and ran all those programs. Below are the logs:

VundoFix Log:

VundoFix V6.5.10

Checking Java version...

Scan started at 10:53:10 PM 10/15/2007

Listing files found while scanning....

C:\windows\system32\asxhthcr.dll
C:\WINDOWS\system32\bkkjtbie.ini
C:\windows\system32\cbhegusf.dll
C:\WINDOWS\system32\eibtjkkb.dll
C:\windows\system32\fjmteoth.dll
C:\windows\system32\fsugehbc.ini
C:\windows\system32\htoetmjf.ini
C:\windows\system32\ifvfbsup.dll
C:\windows\system32\kpqnxtet.ini
C:\windows\system32\rchthxsa.ini
C:\windows\system32\tetxnqpk.dll
C:\WINDOWS\system32\xregoocn.dll

Beginning removal...

Attempting to delete C:\windows\system32\asxhthcr.dll
C:\windows\system32\asxhthcr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bkkjtbie.ini
C:\WINDOWS\system32\bkkjtbie.ini Has been deleted!

Attempting to delete C:\windows\system32\cbhegusf.dll
C:\windows\system32\cbhegusf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eibtjkkb.dll
C:\WINDOWS\system32\eibtjkkb.dll Has been deleted!

Attempting to delete C:\windows\system32\fjmteoth.dll
C:\windows\system32\fjmteoth.dll Has been deleted!

Attempting to delete C:\windows\system32\fsugehbc.ini
C:\windows\system32\fsugehbc.ini Has been deleted!

Attempting to delete C:\windows\system32\htoetmjf.ini
C:\windows\system32\htoetmjf.ini Has been deleted!

Attempting to delete C:\windows\system32\ifvfbsup.dll
C:\windows\system32\ifvfbsup.dll Has been deleted!

Attempting to delete C:\windows\system32\kpqnxtet.ini
C:\windows\system32\kpqnxtet.ini Has been deleted!

Attempting to delete C:\windows\system32\rchthxsa.ini
C:\windows\system32\rchthxsa.ini Has been deleted!

Attempting to delete C:\windows\system32\tetxnqpk.dll
C:\windows\system32\tetxnqpk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xregoocn.dll
C:\WINDOWS\system32\xregoocn.dll Has been deleted!

Performing Repairs to the registry.
Done!


ComboFix Log:


ComboFix 07-10-12.4 - Mark 2007-10-15 23:18:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.71 [GMT -5:00]
Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\Mark\Application Data\WinTouch
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\WinAble
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\acoddtli.dll
C:\WINDOWS\system32\bkolsvhb.exe
C:\WINDOWS\system32\bnajouxr.exe
C:\WINDOWS\system32\bneqygvv.dll
C:\WINDOWS\system32\bujjouce.exe
C:\WINDOWS\system32\cholqxjx.dll
C:\WINDOWS\system32\cqddptvu.dll
C:\WINDOWS\system32\deimyoji.exe
C:\WINDOWS\system32\eqiatqle.exe
C:\WINDOWS\system32\ewhtnmjw.dll
C:\WINDOWS\system32\gxlgyvyr.dll
C:\WINDOWS\SYSTEM32\hhkmp.bak1
C:\WINDOWS\SYSTEM32\hhkmp.bak1
C:\WINDOWS\system32\hpvgauyf.dll
C:\WINDOWS\SYSTEM32\iltddoca.ini
C:\WINDOWS\system32\jronmfoh.dll
C:\WINDOWS\system32\kblfexho.dll
C:\WINDOWS\system32\lcmnjqcq.exe
C:\WINDOWS\system32\llinrtae.exe
C:\WINDOWS\system32\lvmkpihp.dll
C:\WINDOWS\system32\mibykwoy.dll
C:\WINDOWS\system32\ojcdmste.dll
C:\WINDOWS\SYSTEM32\orutv.bak2
C:\WINDOWS\SYSTEM32\orutv.bak2
C:\WINDOWS\SYSTEM32\orutv.ini
C:\WINDOWS\SYSTEM32\orutv.ini
C:\WINDOWS\SYSTEM32\orutv.ini2
C:\WINDOWS\SYSTEM32\orutv.ini2
C:\WINDOWS\SYSTEM32\orutv.tmp
C:\WINDOWS\SYSTEM32\orutv.tmp
C:\WINDOWS\SYSTEM32\phipkmvl.ini
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\ptobrndj.dll
C:\WINDOWS\system32\rvqsqmww.dll
C:\WINDOWS\SYSTEM32\ryvyglxg.ini
C:\WINDOWS\system32\sbqyuhud.exe
C:\WINDOWS\system32\sifanecq.dll
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\tjjittxa.exe
C:\WINDOWS\SYSTEM32\vturo.dll
C:\WINDOWS\SYSTEM32\xjxqlohc.ini
C:\WINDOWS\system32\xksdefbs.dll
C:\WINDOWS\system32\xkvuygyl.exe
C:\WINDOWS\system32\xtvxcdcb.exe
C:\WINDOWS\SYSTEM32\yowkybim.ini
C:\WINDOWS\tsitra572.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-15 23:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 22:46 <DIR> d-------- C:\Program Files\Java
2007-10-15 22:45 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-14 17:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-14 17:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-10-14 17:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-10-13 10:51 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-08 22:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-10-08 21:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-08 21:25 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
2007-10-08 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-08 21:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 19:46 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Grisoft
2007-10-08 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-08 19:46 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-10-07 23:17 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-07 22:18 6,016,952 --a------ C:\Program Files\Firefox Setup 2.0.0.7.exe
2007-10-07 19:55 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-07 19:17 73,728 --a------ C:\Program Files\KillBox.exe
2007-10-07 19:11 106 --a------ C:\delete.bat
2007-10-07 19:10 40,448 --a------ C:\Program Files\NoLop.exe
2007-10-07 18:47 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-07 18:36 1,159,340 --a------ C:\Program Files\SDFix.exe
2007-10-07 13:01 141,671 --a------ C:\Program Files\uninstall_flash_player.exe
2007-10-07 11:30 <DIR> d-------- C:\VundoFix Backups
2007-10-07 11:29 116,224 --a------ C:\Program Files\VundoFix.exe
2007-10-07 11:04 96,978 --a------ C:\Program Files\VirtumundoBeGone.exe
2007-10-06 17:01 <DIR> d-------- C:\Program Files\Temporary

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 15:50 --------- d-----w C:\Program Files\Real
2007-10-13 15:50 --------- d-----w C:\Program Files\Common Files\Real
2007-10-12 03:23 --------- d-----w C:\Program Files\HJT
2007-10-09 04:02 --------- d-----w C:\Program Files\DellSupport
2005-07-07 01:49 51,955 ---ha-w C:\Documents and Settings\Mark\Application Data\ptads.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 10:06]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 10:06]
"McLogLch_exe"="C:\Program Files\McAfee\MSC\McLogLch.exe" [2006-08-28 11:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-13 10:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

C:\Documents and Settings\Mark\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-02-21 13:44:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


.
Contents of the 'Scheduled Tasks' folder
"2007-07-15 06:09:27 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-09-01 06:00:06 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 23:31:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 23:38:55 - machine was rebooted
.
--- E O F ---


SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/16/2007 at 08:21 AM

Application Version : 3.9.1008

Core Rules Database Version : 3325
Trace Rules Database Version: 1326

Scan type : Complete Scan
Total Scan Time : 01:07:11

Memory items scanned : 445
Memory threats detected : 0
Registry items scanned : 5969
Registry threats detected : 26
File items scanned : 54700
File threats detected : 59

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{415395E8-FCDD-4BD5-BD6A-15146BCD4961}
HKCR\CLSID\{415395E8-FCDD-4BD5-BD6A-15146BCD4961}
HKCR\CLSID\{415395E8-FCDD-4BD5-BD6A-15146BCD4961}\InprocServer32
HKCR\CLSID\{415395E8-FCDD-4BD5-BD6A-15146BCD4961}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VTURO.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Mark\Cookies\mark@pro-market[2].txt
C:\Documents and Settings\Mark\Cookies\mark@enhance[2].txt
C:\Documents and Settings\Mark\Cookies\mark@statcounter[1].txt
C:\Documents and Settings\Mark\Cookies\mark@winantivirus[2].txt
C:\Documents and Settings\Mark\Cookies\mark@trafficmp[1].txt
C:\Documents and Settings\Mark\Cookies\mark@www.winantiviruspro[1].txt
C:\Documents and Settings\Mark\Cookies\mark@www.winantispyware[2].txt
C:\Documents and Settings\Mark\Cookies\mark@stats.drivecleaner[2].txt
C:\Documents and Settings\Mark\Cookies\mark@drivecleaner[1].txt
C:\Documents and Settings\Mark\Cookies\mark@questionmarket[2].txt
C:\Documents and Settings\Mark\Cookies\mark@tribalfusion[1].txt
C:\Documents and Settings\Mark\Cookies\mark@toseeka[1].txt
C:\Documents and Settings\Mark\Cookies\mark@www.drivecleaner[2].txt
C:\Documents and Settings\Mark\Cookies\mark@www.burstbeacon[2].txt
C:\Documents and Settings\Mark\Cookies\mark@stats1.reliablestats[1].txt
C:\Documents and Settings\Mark\Cookies\mark@zedo[2].txt
C:\Documents and Settings\Mark\Cookies\mark@ad.yieldmanager[1].txt
C:\Documents and Settings\Mark\Cookies\mark@media.adrevolver[1].txt
C:\Documents and Settings\Mark\Cookies\mark@ads.revsci[1].txt
C:\Documents and Settings\Mark\Cookies\mark@goclick[2].txt
C:\Documents and Settings\Mark\Cookies\mark@adrevolver[1].txt
C:\Documents and Settings\Mark\Cookies\mark@media.adrevolver[2].txt
C:\Documents and Settings\Mark\Cookies\mark@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Mark\Cookies\mark@advertising[2].txt
C:\Documents and Settings\Mark\Cookies\mark@msnportal.112.2o7[1].txt
C:\Documents and Settings\Mark\Cookies\mark@tremor.adbureau[2].txt
C:\Documents and Settings\Mark\Cookies\mark@www.burstnet[2].txt
C:\Documents and Settings\Mark\Cookies\mark@fastclick[2].txt
C:\Documents and Settings\Mark\Cookies\mark@winantispyware[2].txt
C:\Documents and Settings\Mark\Cookies\mark@atdmt[2].txt
C:\Documents and Settings\Mark\Cookies\mark@winantispyware[1].txt

Adware.Ezula
HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}
HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0
HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0\0
HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0\0\win32
HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0\FLAGS
HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0\HELPDIR
HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented Categories
HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\InprocServer32
HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\InprocServer32#ThreadingModel
HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance
HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance#CLSID
HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance\InitPropertyBag
HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance\InitPropertyBag#Url
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BKOLSVHB.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BNAJOUXR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BUJJOUCE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DEIMYOJI.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EQIATQLE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LCMNJQCQ.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LLINRTAE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SBQYUHUD.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TJJITTXA.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XKVUYGYL.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XTVXCDCB.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067527.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067528.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067529.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067530.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067531.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067532.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067533.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067534.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067535.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067536.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067537.EXE
C:\WINDOWS\WOINSTALL.EXE

Adware.MediaMediatickets
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#{9EB320CE-BE1D-4304-A081-4B4665414BEF}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx [  ]

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString

Adware.k8l
C:\PROGRAM FILES\NETMEETING\RTEMEHDO.HTML

Trojan.Downloader-Gen/TSITRA
C:\QOOBOX\QUARANTINE\C\WINDOWS\TSITRA572.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0067526.EXE

Adware.Vundo Variant
C:\VUNDOFIX BACKUPS\OPNOMLI.DLL.BAD


HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:08 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HJT\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136906757046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7835 bytes

This post has been edited by Marsu: Oct 16 2007, 06:10 PM
JSntgRvr
post Oct 16 2007, 07:04 PM
Post #4


Global Moderator
Posts: 6,769
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, Marsu
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
QUOTE
File::
C:\Documents and Settings\Mark\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\delete.bat
C:\Program Files\NoLop.exe
C:\Program Files\VundoFix.exe
C:\Program Files\VirtumundoBeGone.exe
C:\Program Files\SDFix.exe

Folder::
C:\Program Files\Temporary
C:\VundoFix Backups
C:\Program Files\Temporary




Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a fresh HijackThis log.
Marsu
post Oct 16 2007, 08:38 PM
Post #5


Member
**
Posts: 10
OS: Windows XP



Hi JSntgRvr,

OK, here are the updated logs...


ComboFix log:

ComboFix 07-10-12.4 - Mark 2007-10-16 22:09:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.80 [GMT -5:00]
Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mark\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\delete.bat
C:\Documents and Settings\Mark\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Program Files\NoLop.exe
C:\Program Files\SDFix.exe
C:\Program Files\VirtumundoBeGone.exe
C:\Program Files\VundoFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\delete.bat
C:\Documents and Settings\Mark\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Program Files\NoLop.exe
C:\Program Files\SDFix.exe
C:\Program Files\Temporary
C:\Program Files\VirtumundoBeGone.exe
C:\Program Files\VundoFix.exe
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\asxhthcr.dll.bad
C:\VundoFix Backups\bbeeg.bak1.bad
C:\VundoFix Backups\bbeeg.ini.bad
C:\VundoFix Backups\bkkjtbie.ini.bad
C:\VundoFix Backups\cbhegusf.dll.bad
C:\VundoFix Backups\eibtjkkb.dll.bad
C:\VundoFix Backups\fjmteoth.dll.bad
C:\VundoFix Backups\fsugehbc.ini.bad
C:\VundoFix Backups\geebb.dll.bad
C:\VundoFix Backups\htoetmjf.ini.bad
C:\VundoFix Backups\ifvfbsup.dll.bad
C:\VundoFix Backups\kblfexho.dll.bad
C:\VundoFix Backups\kpqnxtet.ini.bad
C:\VundoFix Backups\ldlcasyv.dll.bad
C:\VundoFix Backups\pqtss.bak1.bad
C:\VundoFix Backups\pusbfvfi.ini.bad
C:\VundoFix Backups\rchthxsa.ini.bad
C:\VundoFix Backups\rpiscnfa.dll.bad
C:\VundoFix Backups\sstqp.dll.bad
C:\VundoFix Backups\tetxnqpk.dll.bad
C:\VundoFix Backups\tuvurom.dll.bad
C:\VundoFix Backups\vturo.dll.bad
C:\VundoFix Backups\xregoocn.dll.bad

.
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-16 07:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-15 23:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 22:46 <DIR> d-------- C:\Program Files\Java
2007-10-15 22:45 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-14 17:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-14 17:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-10-14 17:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-10-13 10:51 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-08 22:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-10-08 21:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-08 21:25 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
2007-10-08 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-08 19:46 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Grisoft
2007-10-08 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-08 19:46 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-10-07 23:17 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-07 22:18 6,016,952 --a------ C:\Program Files\Firefox Setup 2.0.0.7.exe
2007-10-07 19:55 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-07 19:17 73,728 --a------ C:\Program Files\KillBox.exe
2007-10-07 18:47 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-07 13:01 141,671 --a------ C:\Program Files\uninstall_flash_player.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 00:53 --------- d-----w C:\Program Files\HJT
2007-10-13 15:50 --------- d-----w C:\Program Files\Real
2007-10-13 15:50 --------- d-----w C:\Program Files\Common Files\Real
2007-10-09 04:02 --------- d-----w C:\Program Files\DellSupport
2005-07-07 01:49 51,955 ---ha-w C:\Documents and Settings\Mark\Application Data\ptads.bin
.

((((((((((((((((((((((((((((( snapshot@2007-10-15_23.37.13.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-19 02:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-19 02:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-01 23:31:34 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
- 2006-11-01 23:31:34 315,904 ----a-w C:\WINDOWS\INF\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w C:\WINDOWS\INF\unregmp2.exe
- 2007-10-09 02:25:45 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-10-16 12:09:53 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
- 2007-10-09 02:25:45 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-10-16 12:09:53 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2007-10-09 02:25:45 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-10-16 12:09:53 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2006-10-19 02:47:16 414,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
+ 2006-12-04 21:21:50 414,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
- 2006-10-19 02:47:16 414,208 ----a-w C:\WINDOWS\SYSTEM32\msscp.dll
+ 2006-12-04 21:21:50 414,720 ----a-w C:\WINDOWS\SYSTEM32\msscp.dll
- 2006-10-19 02:47:20 10,834,432 ----a-w C:\WINDOWS\SYSTEM32\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w C:\WINDOWS\SYSTEM32\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 10:06]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 10:06]
"McLogLch_exe"="C:\Program Files\McAfee\MSC\McLogLch.exe" [2006-08-28 11:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-13 10:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


.
Contents of the 'Scheduled Tasks' folder
"2007-07-15 06:09:27 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-09-01 06:00:06 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 22:17:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 22:24:51 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-15 23:38
.
--- E O F ---


HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:43 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136906757046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7911 bytes
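An added example, not part of the original posts or of any tool named in this thread: a Python sketch that diffs the item lines of the two HijackThis logs posted above, showing which autostart entry disappeared after the CFScript run. The sample text is a trimmed excerpt of those logs; the function names and the two review hints are assumptions of this example.

```python
import re
from collections import defaultdict

# HijackThis item lines start with a section code (R0, O4, O23, ...) followed by " - ".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample: a few lines excerpted from the 7:54 PM log in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:08 PM, on 10/16/2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# Constructed sample: the same lines as they appear in the 10:30 PM log.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:43 PM, on 10/16/2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""


def parse_items(log_text):
    """Return (section_code, entry) pairs in log order; header and process lines are skipped."""
    items = []
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            items.append((match.group(1), match.group(2).strip()))
    return items


def by_section(items):
    """Group entries into {section_code: set(entries)} so two logs can be compared."""
    sections = defaultdict(set)
    for code, body in items:
        sections[code].add(body)
    return sections


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the first log and only in the second."""
    before = by_section(parse_items(before_text))
    after = by_section(parse_items(after_text))
    removed, added = {}, {}
    codes = sorted(set(before) | set(after), key=lambda c: (c[0], int(c[1:])))
    for code in codes:
        gone = sorted(before.get(code, set()) - after.get(code, set()))
        new = sorted(after.get(code, set()) - before.get(code, set()))
        if gone:
            removed[code] = gone
        if new:
            added[code] = new
    return removed, added


def review_hints(log_text):
    """Flag entries worth a manual look. These are prompts, not verdicts: both
    markers below are still present in the log the helper judged clear."""
    hints = []
    for code, body in parse_items(log_text):
        if body.endswith("(file missing)"):
            hints.append((code, body, "referenced file not found on disk"))
        elif code == "O23" and " - Unknown owner - " in body:
            hints.append((code, body, "service binary carries no company name"))
    return hints


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, entries in removed.items():
        for entry in entries:
            print(f"removed  {code} - {entry}")
    for code, entries in added.items():
        for entry in entries:
            print(f"added    {code} - {entry}")
    for code, body, reason in review_hints(AFTER):
        print(f"review   {code} - {body}  [{reason}]")
```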
JSntgRvr
post Oct 17 2007, 11:43 AM
Post #6


Global Moderator
Posts: 6,769
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, Marsu

The log looks clear. How is the computer doing?
Marsu
post Oct 17 2007, 08:09 PM
Post #7


Member
**
Posts: 10
OS: Windows XP



Hi JSntgRvr,

I had noticed yesterday while running those scans that no pop-ups had occurred, and tonight I browsed a little with Internet Explorer (which was infested with pop-ups a few days ago) and they are all gone, too! So it appears that everything is working fine now!

Thanks again for all your help, those suggestions really did the trick.
JSntgRvr
post Oct 18 2007, 12:21 PM
Post #8


Global Moderator
Posts: 6,769
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, Marsu.

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Make sure you remove the following folder as it contains the infected files found:

C:\Qoobox

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Create a Restore point:
  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  4. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  5. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  6. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  7. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  8. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  9. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Best wishes!
JSntgRvr
post Oct 21 2007, 04:27 PM
Post #9


Global Moderator
Posts: 6,769
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.