Residual from Malware



#1
Desire 66 (New Member, 3 posts)

My system is Windows XP Home Edition…

Four days ago, while searching for photos on the web, I came upon one that said it required an Active X update. Thinking it would be ok, (I’m pretty computer illiterate! Please keep that in mind as you read this, and try not to laugh or shake your head too much), I hit the "run" button. Immediately my system froze up, and so I rebooted. Note, I did not have an active virus program at the time (stupid, I know).

Upon restart, I was confronted with a changed desktop bmp (ctfmonb), a new screensaver (blackster/bugs!), and the clock on the taskbar was in military time with "VIRUS ALERT!" next to it (as well as beside all directory files).

I immediately attempted to do a system restore, but discovered all restore points to be inactive EXCEPT the one listed for that date, which was apparently created by the malware at the time of infection. (I later turned off system restore to delete that entry point. I turned it back on and created my own point today, after I was relatively sure that there were no other Trojans detected). I also right-clicked to go to display properties, but was told it had been disabled by my administrator (uh, which is ME).

Other, subsequent problems I encountered while trying to ascertain what I was facing, included a disabled task manager, disabled registry, icons missing from my desktop for programs (paint and Socio to name two), links missing from settings menu for control panel and Network Setting, no C drive located in My Computer, Automatic Updates turned off and not able to turn on or stay on, and websites and alert messages popping up right and left urging me to click "yes" to download anti-spyware (one of which I originally, stupidly said yes to, and was taken to a site asking for credit card information…which I quickly closed out). Icons for that site then got placed on my desktop which I repeatedly deleted, but that would reappear after each restart.

I tried a few different scans that all showed I had a variety of Trojans, but ultimately wanted me to buy their products in order to remove them. After many trial runs and uninstalls, I finally, currently have installed (and active), McAfee, Windows Defender and Spybot. Going back and forth from safe mode to normal mode, I ran about ten (or more) different scans with both McAfee and Spybot, and have effectively taken care of MOST of the problem…I think. All scans, as well as Panda online scan, reveal no further Trojans present.

From doing internet searches, I was able to discover that the malware generally associated with my symptoms was called “Trojan: W32/Pakes. CSG”. One site I went to that was related to this malware, instructed someone to end process on the ctfmona.exe file. So, once I figured out how to get my task manager operative (found code to enable regedit and went in and changed values), I looked and saw I did have the ctfmona process running. I ended it, but with each reboot, it reappeared and all values changed themselves back! Thinking this ctf thing must be the root file, I did a search for the ctfmona.exe file. I subsequently deleted the C\:Windows\System32.ctfmona.exe (might not be listed right) file and all others that came up for that search.

The scans and/or ctf file removal seemed to help A LOT, as a reboot proved to have the disabled-access to the registry, display, and taskbar fixed, as well as the pop up alerts finally ending. The ctfmona.exe process was no longer running, and the background and screensaver allowed me to change them and keep them changed. Desktop icons stopped reappearing, too.

There are STILL some residual things remaining from the virus, and perhaps some I might have messed up on my own by trying to change processes and services when I clearly don’t know what I’m doing. These are:

1) The clock on the taskbar is still in military time, with VIRUS ALERT! next to it (same goes for all IM timestamps and beside each entry in directory files). I did find instructions on your site for someone else with this problem to go to the registry and find: HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion and replace the words VIRUS ALERT with the product ID. I did this, but it didn’t fix it.
2) I am still getting unsolicited websites popping up over every site/page that I attempt to access…and have to keep closing them out. These range from porn sites to work-at-home sites.
3) And this one might be my error, but I cannot change the services to enable or start Automatic Updates. It says there is an “error 1058”, whatever that means. This might be the case with other services also, as over time I have made adjustments to many things that I “thought” would help.

Beyond those 3 issues, and a VERY slow system (probably resulting from one or more of the above problems and/or some registry issues??), the virus/malware seems to be extracted for the most part. I’ll have to let you be the judge of that, though. Just need to know where to go from here, without retracing steps if possible?

One other important thing for me to note is that my computer was made for me by a company more than six years ago. So essentially it is a “mutt”. It has needed a bios upgrade for a very long time. I do work online, as well as a lot of game playing, and have suffered through many (understatement) freezes and shutdowns, which all began after I upgraded my memory card and attempted to install NVidia graphics card. I thought the graphics was the problem, so I removed it and returned it to the store. Upgrading drivers only makes the shutdowns more frequent. (fyi: I have Driver Detective).

To be honest, and I know this is just dumb of me considering the problems I’m having, but I just have not been able to afford to have the computer properly maintained ( bios upgraded, etc), and attempts to figure out doing it myself have met with negative results (I’m just not wired right to understand the whole process, and the warnings for doing it wrong just scare me out of trying…which is probably a good thing). So, needless to say, the scanning took me far longer than it should have, since most every time Spybot got to 90 percent, it sent me to the blue screen.

One other note I should make here is that (before I removed the malware) I attempted to re-install Windows from the CD. This also sent me to the blue screen, so I gave up on that. I didn’t want to be without a computer altogether.

Ok, that about covers it all, I think. Please forgive my long-windedness. I tend to try and be as thorough as possible in order to alleviate unanswered questions from the start.

Below I am adding my HijackThis logs, as well as the scan log from Panda (Panda done in safe mode because it kept closing out explorer during scan in normal mode). I appreciate any assistance you can give me that might help me resolve my remaining issues!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00: VIRUS ALERT!, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [e4608604] rundll32.exe "C:\WINDOWS\system32\wdovjbqr.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZUxdm486NVUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5E936384-B736-4A9E-AA93-832CA59FDCEC} (InstallShield Setup Player V11) - http://ea-land.ea.co...stall/setup.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100187957187
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program Files\SCRABBLE\Images\armhelper.ocx
O21 - SSODL: vltdfabw - {8839C6A7-B3F3-4847-BBD0-B2F1819188BE} - C:\WINDOWS\vltdfabw.dll (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7706 bytes


Panda Active Scan Logs:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-06-01 19:28:45
PROTECTIONS: 1
MALWARE: 43
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
McAfee VirusScan No Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193}
00032705 adware/iemenuextension Adware No 0 Yes No hkey_local_machine\software\iemenuextension
00032705 adware/iemenuextension Adware No 0 Yes No hkey_current_user\software\iemenuextension
00032705 adware/iemenuextension Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{6B95678D-30A4-4FF8-A72F-4208340C1F7F}
00046160 adware/searchexe Adware No 0 Yes No HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL
00062819 trj/downloader.aee Virus/Trojan No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D0D9077-3798-49BB-9058-393499174D5D}
00135099 adware/powerstrip Adware No 0 Yes No c:\windows\system32\lmd.bin
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@tradedoubler[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@mediaplex[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@linksynergy[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@clickbank[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@clickbank[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.maxserving.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@revenue[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.com.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.xiti.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\[email protected][1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.bs.serving-sys.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.server.iad.liveperson.net/hc/13333554]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.server.iad.liveperson.net/hc/15527479]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.server.iad.liveperson.net/hc/17283262]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.server.iad.liveperson.net/hc/78945788]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[3].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@adrevolver[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\guest@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.go.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\[email protected][1].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\[email protected][1].txt
00225945 adware/enhancemsearch Adware No 0 Yes No c:\windows\searchen.dat
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Application Data\Mozilla\Firefox\Profiles\8k434t2i.default\cookies.txt[.ads.addynamix.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\[email protected][1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.COMPUTER-GGE7P7\Cookies\[email protected][1].txt
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location v}
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description v}
;===============================================================================
=================================================================================
===================
157262 HIGH MS07-022 v}
157261 HIGH MS07-021 v}
157260 HIGH MS07-020 v}
157259 HIGH MS07-019 v}
156477 HIGH MS07-017 v}
;===============================================================================
=================================================================================
===================


Again, I appreciate your help!! I think what you all are doing here is fantastic, and I feel very lucky I stumbled onto your site. Reading some of the help that you have given others, I feel, has aided me a lot in the progress I have made already, as well as my overall understanding of some key terms and issues that I otherwise would be very frustrated over (more so than I am). So…thank you SO much for what you do!!! PS: If I have posted things here wrong, please forgive me (and correct me). This is my first post here.
  • 0
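
The two logs in the post above overlap: Panda's only Virus/Trojan row points at a Distribution Units CLSID that also shows up as a nameless O16 entry in the HijackThis log. The Python below is an added example, not part of the original post and not code from HijackThis or Panda; it parses a few lines copied from both logs and cross-references CLSIDs between them. The three review heuristics and their labels (`file missing`, `rundll32 autostart`, `unnamed DPF`) are assumptions of this example, not verdicts from either tool.

```python
import re

# Lines copied unmodified from the HijackThis log in the post (a subset).
HJT_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [e4608604] rundll32.exe "C:\WINDOWS\system32\wdovjbqr.dll",b
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program Files\SCRABBLE\Images\armhelper.ocx
O21 - SSODL: vltdfabw - {8839C6A7-B3F3-4847-BBD0-B2F1819188BE} - C:\WINDOWS\vltdfabw.dll (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
""".strip().splitlines()

# Rows copied unmodified from the MALWARE table of the Panda log (a subset).
PANDA_LINES = r"""
00062819 trj/downloader.aee Virus/Trojan No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D0D9077-3798-49BB-9058-393499174D5D}
00135099 adware/powerstrip Adware No 0 Yes No c:\windows\system32\lmd.bin
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@trafficmp[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\EduComp\Cookies\educomp@doubleclick[1].txt
""".strip().splitlines()

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis entries start with a section code such as R1, O4, O16, O23.
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Panda columns: Id Description Type Active Severity Disinfectable Disinfected Location.
# Description and Location may contain spaces, so anchor on the fixed middle columns.
PANDA_ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<location>.+)$"
)
RUNDLL_AUTOSTART = re.compile(r"rundll32(?:\.exe)?\s+\"?[^\"]+\.dll", re.I)
EMPTY_DPF = re.compile(r"^DPF: \{[^}]+\} -\s*$")


def parse_panda(lines):
    """Return one dict per MALWARE row; separators and headers are skipped."""
    rows = []
    for line in lines:
        m = PANDA_ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def triage(hjt_lines, panda_rows):
    """Return (code, reasons, line) for HijackThis entries worth a closer look."""
    # CLSIDs named in non-cookie Panda detections, mapped to the detection name.
    flagged = {}
    for row in panda_rows:
        if row["type"] != "TrackingCookie":
            for guid in GUID.findall(row["location"]):
                flagged[guid.upper()] = row["desc"]

    findings = []
    for raw in hjt_lines:
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue  # log header, running-process list, blank line
        code, body = m["code"], m["body"]
        reasons = []
        if "(file missing)" in body:
            # The entry is still registered but its target is not on disk.
            reasons.append("file missing")
        if code == "O4" and RUNDLL_AUTOSTART.search(body):
            # A Run key that loads a DLL through rundll32 instead of an EXE.
            reasons.append("rundll32 autostart")
        if code == "O16" and EMPTY_DPF.match(body):
            # Distribution Unit with neither a control name nor a source URL.
            reasons.append("unnamed DPF")
        for guid in GUID.findall(body):
            if guid.upper() in flagged:
                reasons.append("panda:" + flagged[guid.upper()])
        if reasons:
            findings.append((code, reasons, line))
    return findings


if __name__ == "__main__":
    for code, reasons, line in triage(HJT_LINES, parse_panda(PANDA_LINES)):
        print(f"{code:<4} {', '.join(reasons)}\n     {line}")
```

A flag here only marks an entry for manual review; the Java updater Run entry and the SCRABBLE DPF entry pass all three checks and are not reported.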



#2
Desire 66 (New Member, Topic Starter, 3 posts)

Since my first post, I have discovered the easy fix for taking the VIRUS ALERT off of the clock on taskbar and in files. I did Start>Run>typed in intl.cpl, and reset my time zone. Voila, fixed that problem.

The other issues still exist, and I've discovered a few more. I no longer have my XP theme, and a search at Microsoft site revealed that once a GINA (a non-administrator access term) has control of your system, you lose the theme or the ability to recover it. There is a "workaround" for it listed, but I'm not even close to understanding what it means or how to do it. I also cannot locate MY monitor. It has "default" monitor listed, with no ability to change refresh rate or other graphic display properties and drivers that I used to have access to. My screen is flickering and scroll drags really bad, making it very hard on the eyes.

The post on Microsoft reads: "SYMPTOMS: There are a number of new system features in Windows XP that are unavailable if a custom Graphical Identification and Authentication (GINA) component is used instead of the system GINA. One such feature is the Windows XP Visual Style framework (also referred to as Windows XP Themes).

Specifically, when a custom GINA is installed and a nonadministrator account initially logs on to the system, the Windows XP visual styles will not be active on either the winlogon or user desktops."

Further information, and the workaround for it can be found here: http://support.microsoft.com/kb/322047

Perhaps one of you tech people can make sense of it. I did see someone else post a question in this or another forum about authentication of their system after a virus, and not being able to verify their version. I haven't encountered that...yet...but then I haven't had cause to be in a position to verify.


Thanks again, in advance, for any help you can give me with my remaining issues!

Edited by Desire 66, 02 June 2008 - 08:11 AM.

  • 0





