Cannot Remove Trojan Virus [RESOLVED]



Hi,

I believe I have infected files in my System Volume Information folder. They look like trojans from an adult website or something. There are 6 infected files total. AVG recognized the infected files, but could not clean them. NOD32 recognized the infected files as well, but could not clean them. I am afraid to just manually delete them, because I don't know if they are system files or not. I am going to post the hijackthis log, as well as the nod32 log. Any help would be appreciated. Also, I believe they may be hindering my ability to download large files, or streaming videos (such as videos off of charlierose.com). The videos just download 1/5 of the way, and then stop.

HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1

Scan saved at 2:28:44 PM, on 9/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Chase Draney\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\Inet\Common\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162668820766

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

NOD32 LOG:

Scan performed at: 9/16/2007 14:10:32 PM

Scanning Log

NOD32 version 2533 (20070916) NT

Command line: C:\System Volume Information\_restore{4EC5A403-8DBD-4942-A48F-4F6C3D06CE0A}\RP115

Date: 16.9.2007 Time: 14:10:35

Anti-Stealth technology is enabled.

Scanned disks, folders and files: C:\System Volume Information\_restore{4EC5A403-8DBD-4942-A48F-4F6C3D06CE0A}\RP115\

C:\System Volume Information\_restore{4EC5A403-8DBD-4942-A48F-4F6C3D06CE0A}\RP115\A0032278.exe »ZIP »QaBar.dll - Win32/TrojanClicker.Qabar.B trojan

C:\System Volume Information\_restore{4EC5A403-8DBD-4942-A48F-4F6C3D06CE0A}\RP115\A0032278.exe »ZIP »SetupAdultLinks.exe - Win32/TrojanClicker.Qabar.B trojan

C:\System Volume Information\_restore{4EC5A403-8DBD-4942-A48F-4F6C3D06CE0A}\RP115\A0032279.exe »ZIP »QaBar.dll - Win32/TrojanClicker.Qabar.B trojan

C:\System Volume Information\_restore{4EC5A403-8DBD-4942-A48F-4F6C3D06CE0A}\RP115\A0032279.exe »ZIP »SetupAdultLinks.exe - Win32/TrojanClicker.Qabar.B trojan

C:\System Volume Information\_restore{4EC5A403-8DBD-4942-A48F-4F6C3D06CE0A}\RP115\A0032280.exe »ZIP »QaBar.dll - Win32/TrojanClicker.Qabar.B trojan

C:\System Volume Information\_restore{4EC5A403-8DBD-4942-A48F-4F6C3D06CE0A}\RP115\A0032280.exe »ZIP »SetupAdultLinks.exe - Win32/TrojanClicker.Qabar.B trojan

Number of scanned files: 9139

Number of threats found: 6

Time of completion: 14:21:21 Total scanning time: 646 sec (00:10:46)

Ok, so the downloading of files is no longer an issue, but I would still like help with the virus. I also forgot to mention that BitDefender also could not clean the files.

Hello chase,

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\Inet\Common\blank.htm

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

activescan results:

Incident Status Location

Adware:adware/ncase Not disinfected c:\temp\salm.log

Adware:adware/gator Not disinfected c:\GatorPatch.log

Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Amber Lemos\Application Data\Mozilla\Firefox\Profilesjni4cuv.default\cookies.txt[.webpower.com/]

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Amber Lemos\Application Data\Mozilla\Firefox\Profilesjni4cuv.default\cookies.txt[.did-it.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amber Lemos\Application Data\Mozilla\Profiles\default\ewzoi4vs.slt\cookies.txt[.atwola.com/]

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Amber Lemos\Application Data\Mozilla\Profiles\default\ewzoi4vs.slt\cookies.txt[.bravenet.com/]

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@888[2].txt

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber [email protected][2].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@adultfriendfinder[2].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber [email protected][1].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@atwola[1].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@atwola[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@atwola[3].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@azjmp[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@belnk[2].txt

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@did-it[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber [email protected][1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber [email protected][2].txt

Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@offeroptimizer[2].txt

Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@rn11[2].txt

Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@toprebates[2].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@winfixer[1].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@winfixer[2].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@winfixer[3].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@winfixer[4].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@winfixer[5].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@winfixer[7].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Amber Lemos\Cookies\amber lemos@xiti[1].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amber Lemos\Local Settings\Temp\Cookies\amber lemos@atwola[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amber Lemos\Local Settings\Temp\Cookies\amber lemos@belnk[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amber Lemos\Local Settings\Temp\Cookies\amber [email protected][2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Amber Lemos\Local Settings\Temp\Cookies\amber lemos@go[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Amber Lemos\Local Settings\Temp\~DF32B.tmp

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Chase Draney\Application Data\Mozilla\Firefox\Profiles\afja5w0l.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Chase Draney\Application Data\Mozilla\Firefox\Profiles\afja5w0l.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Chase Draney\Application Data\Mozilla\Firefox\Profiles\afja5w0l.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chase Draney\Application Data\Mozilla\Firefox\Profiles\afja5w0l.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Chase Draney\Application Data\Mozilla\Firefox\Profiles\afja5w0l.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Chase Draney\Application Data\Mozilla\Firefox\Profiles\afja5w0l.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Chase Draney\Application Data\Mozilla\Firefox\Profiles\afja5w0l.default\cookies.txt[.com.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Chase Draney\Application Data\Mozilla\Firefox\Profiles\afja5w0l.default\cookies.txt[.2o7.net/]

Virus:W32/Nimda.htm Disinfected C:\Documents and Settings\Chase Draney\Application Data\Thunderbird\Profiles\gccpcfh7.default\Mail\Local Folders\Inbox.sbd\STUFF[~0000608.~]

Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.016\FILE0000.CHK[.doubleclick.net/]

Spyware:Cookie/Valueclick Not disinfected C:\FOUND.016\FILE0000.CHK[.valueclick.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.016\FILE0000.CHK[.advertising.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.016\FILE0000.CHK[.servedby.advertising.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.016\FILE0000.CHK[.advertising.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.016\FILE0000.CHK[.servedby.advertising.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.016\FILE0000.CHK[.advertising.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.016\FILE0000.CHK[.servedby.advertising.com/]

Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.016\FILE0000.CHK[.tradedoubler.com/]

Spyware:Cookie/RealMedia Not disinfected C:\FOUND.016\FILE0000.CHK[.realmedia.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.016\FILE0000.CHK[.atdmt.com/]

Spyware:Cookie/BurstNet Not disinfected C:\FOUND.016\FILE0000.CHK[.burstnet.com/]

Spyware:Cookie/BurstBeacon Not disinfected C:\FOUND.016\FILE0000.CHK[www.burstbeacon.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\FOUND.016\FILE0000.CHK[.questionmarket.com/]

Spyware:Cookie/Adtech Not disinfected C:\FOUND.016\FILE0000.CHK[.adtech.de/]

Spyware:Cookie/SexList Not disinfected C:\FOUND.016\FILE0000.CHK[.sexlist.com/]

Spyware:Cookie/Atwola Not disinfected C:\FOUND.016\FILE0000.CHK[.atwola.com/]

Spyware:Cookie/2o7 Not disinfected C:\FOUND.016\FILE0000.CHK[.2o7.net/]

Spyware:Cookie/QkSrv Not disinfected C:\FOUND.016\FILE0000.CHK[.qksrv.net/]

Spyware:Cookie/Com.com Not disinfected C:\FOUND.016\FILE0000.CHK[.com.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.016\FILE0000.CHK[.casalemedia.com/]

Spyware:Cookie/FastClick Not disinfected C:\FOUND.016\FILE0000.CHK[.fastclick.net/]

Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.016\FILE0000.CHK[.casalemedia.com/]

Spyware:Cookie/FastClick Not disinfected C:\FOUND.016\FILE0000.CHK[.fastclick.net/]

Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.016\FILE0000.CHK[.casalemedia.com/]

Spyware:Cookie/FastClick Not disinfected C:\FOUND.016\FILE0000.CHK[.fastclick.net/]

Spyware:Cookie/Falkag Not disinfected C:\FOUND.016\FILE0000.CHK[.as-us.falkag.net/]

Spyware:Cookie/YieldManager Not disinfected C:\FOUND.016\FILE0000.CHK[ad.yieldmanager.com/]

Spyware:Cookie/cs.sexcounter Not disinfected C:\FOUND.016\FILE0000.CHK[.cs.sexcounter.com/]

Spyware:Cookie/Sextracker Not disinfected C:\FOUND.016\FILE0000.CHK[.sextracker.com/]

Spyware:Cookie/Sextracker Not disinfected C:\FOUND.016\FILE0000.CHK[counter6.sextracker.com/]

Spyware:Cookie/Linksynergy Not disinfected C:\FOUND.016\FILE0000.CHK[.linksynergy.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.016\FILE0000.CHK[.adrevolver.com/]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\FOUND.016\FILE0000.CHK[.trafficmp.com/]

Spyware:Cookie/Overture Not disinfected C:\FOUND.016\FILE0000.CHK[.overture.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.016\FILE0000.CHK[.mediaplex.com/]

Spyware:Cookie/Adserver Not disinfected C:\FOUND.016\FILE0000.CHK[.z1.adserver.com/]

Spyware:Cookie/Belnk Not disinfected C:\FOUND.016\FILE0000.CHK[.ath.belnk.com/]

Spyware:Cookie/Belnk Not disinfected C:\FOUND.016\FILE0000.CHK[.dist.belnk.com/]

Spyware:Cookie/Belnk Not disinfected C:\FOUND.016\FILE0000.CHK[.belnk.com/]

Spyware:Cookie/Belnk Not disinfected C:\FOUND.016\FILE0000.CHK[.ath.belnk.com/]

Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.016\FILE0000.CHK[.bluestreak.com/]

Spyware:Cookie/Go Not disinfected C:\FOUND.016\FILE0000.CHK[.go.com/]

Spyware:Cookie/Maxserving Not disinfected C:\FOUND.016\FILE0000.CHK[.maxserving.com/]

Spyware:Cookie/PayCounter Not disinfected C:\FOUND.016\FILE0000.CHK[.paycounter.com/]

Spyware:Cookie/Statcounter Not disinfected C:\FOUND.016\FILE0000.CHK[.statcounter.com/]

Spyware:Cookie/AdDynamix Not disinfected C:\FOUND.016\FILE0000.CHK[.ads.addynamix.com/]

Spyware:Cookie/PointRoll Not disinfected C:\FOUND.016\FILE0000.CHK[.ads.pointroll.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.016\FILE0000.CHK[.tribalfusion.com/]

Spyware:Cookie/bravenetA Not disinfected C:\FOUND.016\FILE0000.CHK[.bravenet.com/]

Spyware:Cookie/WUpd Not disinfected C:\FOUND.016\FILE0000.CHK[.revenue.net/]

Spyware:Cookie/Searchportal Not disinfected C:\FOUND.016\FILE0000.CHK[searchportal.information.com/]

Spyware:Cookie/CentrPort Not disinfected C:\FOUND.016\FILE0000.CHK[.centrport.net/]

Spyware:Cookie/Mammamediasolutions Not disinfected C:\FOUND.016\FILE0000.CHK[.targetnet.com/]

Spyware:Cookie/Tickle Not disinfected C:\FOUND.016\FILE0000.CHK[.tickle.com/]

Spyware:Cookie/onestat.com Not disinfected C:\FOUND.016\FILE0000.CHK[stat.onestat.com/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.016\FILE0000.CHK[server.iad.liveperson.net/hc/91338698]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.016\FILE0000.CHK[server.iad.liveperson.net/]

Spyware:Cookie/Overture Not disinfected C:\FOUND.016\FILE0000.CHK[.perf.overture.com/]

Spyware:Cookie/Apmebf Not disinfected C:\FOUND.016\FILE0000.CHK[.apmebf.com/]

Spyware:Cookie/Zedo Not disinfected C:\FOUND.016\FILE0000.CHK[.zedo.com/]

Spyware:Cookie/FortuneCity Not disinfected C:\FOUND.016\FILE0000.CHK[.fortunecity.com/]

Spyware:Cookie/Peel Not disinfected C:\FOUND.016\FILE0000.CHK[.peel.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.016\FILE0000.CHK[.serving-sys.com/]

Spyware:Cookie/Toplist Not disinfected C:\FOUND.016\FILE0000.CHK[.toplist.cz/]

Spyware:Cookie/Bfast Not disinfected C:\FOUND.016\FILE0000.CHK[.bfast.com/]

Spyware:Cookie/XXXtoolbar Not disinfected C:\FOUND.016\FILE0000.CHK[.xxxtoolbar.com/]

Spyware:Cookie/SpyLog Not disinfected C:\FOUND.016\FILE0000.CHK[.spylog.com/]

Spyware:Cookie/Xiti Not disinfected C:\FOUND.016\FILE0000.CHK[.xiti.com/]

Spyware:Cookie/HotLog Not disinfected C:\FOUND.016\FILE0000.CHK[.hotlog.ru/]

Spyware:Cookie/Yadro Not disinfected C:\FOUND.016\FILE0000.CHK[.yadro.ru/]

Spyware:Cookie/Kount Not disinfected C:\FOUND.016\FILE0000.CHK[.kount.com/]

Spyware:Cookie/Netster Not disinfected C:\FOUND.016\FILE0000.CHK[lb3.netster.com/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.016\FILE0000.CHK[server.iad.liveperson.net/hc/11042824]

Spyware:Cookie/Tucows Not disinfected C:\FOUND.016\FILE0000.CHK[.tucows.com/]

Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.016\FILE0000.CHK[statse.webtrendslive.com/S148884]

Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.016\FILE0000.CHK[statse.webtrendslive.com/S149247]

Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.016\FILE0000.CHK[statse.webtrendslive.com/S130376]

Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.016\FILE0000.CHK[statse.webtrendslive.com/S151261]

Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.016\FILE0000.CHK[statse.webtrendslive.com/S130376]

Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.016\FILE0000.CHK[statse.webtrendslive.com/S148884]

Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.016\FILE0000.CHK[statse.webtrendslive.com/S149247]

Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.016\FILE0000.CHK[statse.webtrendslive.com/S151261]

Spyware:Cookie/Com.com Not disinfected C:\FOUND.016\FILE0000.CHK[.uol.com.br/]

Spyware:Cookie/Hitbox Not disinfected C:\FOUND.016\FILE0000.CHK[.ehg-ubisoft.hitbox.com/]

Spyware:Cookie/Hitbox Not disinfected C:\FOUND.016\FILE0000.CHK[.hg1.hitbox.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.018\FILE0001.CHK[.advertising.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.018\FILE0001.CHK[.servedby.advertising.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.018\FILE0001.CHK[.advertising.com/]

Spyware:Cookie/Advertising Not disinfected C:\FOUND.018\FILE0001.CHK[.servedby.advertising.com/]

Spyware:Cookie/YieldManager Not disinfected C:\FOUND.018\FILE0001.CHK[ad.yieldmanager.com/]

Spyware:Cookie/Valueclick Not disinfected C:\FOUND.018\FILE0001.CHK[.valueclick.com/]

Spyware:Cookie/YieldManager Not disinfected C:\FOUND.018\FILE0001.CHK[ad.yieldmanager.com/]

Spyware:Cookie/Valueclick Not disinfected C:\FOUND.018\FILE0001.CHK[.valueclick.com/]

Spyware:Cookie/YieldManager Not disinfected C:\FOUND.018\FILE0001.CHK[ad.yieldmanager.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.018\FILE0001.CHK[.atdmt.com/]

Spyware:Cookie/Overture Not disinfected C:\FOUND.018\FILE0001.CHK[.overture.com/]

Spyware:Cookie/RealMedia Not disinfected C:\FOUND.018\FILE0001.CHK[.realmedia.com/]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\FOUND.018\FILE0001.CHK[.trafficmp.com/]

Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.018\FILE0001.CHK[.tradedoubler.com/]

Spyware:Cookie/FastClick Not disinfected C:\FOUND.018\FILE0001.CHK[.fastclick.net/]

Spyware:Cookie/Belnk Not disinfected C:\FOUND.018\FILE0001.CHK[.ath.belnk.com/]

Spyware:Cookie/Belnk Not disinfected C:\FOUND.018\FILE0001.CHK[.belnk.com/]

Spyware:Cookie/Belnk Not disinfected C:\FOUND.018\FILE0001.CHK[.ath.belnk.com/]

Spyware:Cookie/Belnk Not disinfected C:\FOUND.018\FILE0001.CHK[.dist.belnk.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.018\FILE0001.CHK[.doubleclick.net/]

Spyware:Cookie/Zedo Not disinfected C:\FOUND.018\FILE0001.CHK[.zedo.com/]

Spyware:Cookie/Adserver Not disinfected C:\FOUND.018\FILE0001.CHK[.z1.adserver.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.018\FILE0001.CHK[.casalemedia.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.018\FILE0001.CHK[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.018\FILE0001.CHK[bs.serving-sys.com/]

Spyware:Cookie/WinFixer Not disinfected C:\FOUND.044\FILE0000.CHK

Spyware:Cookie/WinFixer Not disinfected C:\FOUND.045\FILE0000.CHK

Spyware:Cookie/WinFixer Not disinfected C:\FOUND.045\FILE0001.CHK

Adware:Adware/Gator Not disinfected C:\My Download Files\AGSetup0608.exe

Hacktool:Hacktool/HideItX Not disinfected C:\Win32\dll\Win32k.exe


Hello chase,

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

Please download OTMoveIt by Oldtimer and save it to your desktop.

Run ATF Cleaner:

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:

  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

c:\temp\salm.log

c:\GatorPatch.log

C:\FOUND.044\FILE0000.CHK

C:\My Download Files\AGSetup0608.exe

C:\Win32\dll\Win32k.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt

(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)

Click the red Moveit! button.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Reboot into Normal Mode.

In your next reply please include the following:

  • A new Hijackthis log.
  • The OTMoveIt log.
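
The scan log and the reply above, as an added example that is not part of the original thread: almost every detection in the log is a tracking cookie found inside `FOUND.nnn\FILEnnnn.CHK` files (fragments that CHKDSK saves when it recovers lost clusters), while only the last entries are actual program files. The sketch below separates the two so the files that need review stand out; the function names are hypothetical and the sample lines are constructed in the log's format.

```python
import re

# Constructed sample in the line format of the scan log posted in this thread.
SAMPLE_LOG = r"""
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.020\FILE0000.CHK[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.020\FILE0000.CHK[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.020\FILE0000.CHK[.advertising.com/]
Spyware:Cookie/WinFixer Not disinfected C:\FOUND.044\FILE0000.CHK
Adware:Adware/Gator Not disinfected C:\My Download Files\AGSetup0608.exe
Hacktool:Hacktool/HideItX Not disinfected C:\Win32\dll\Win32k.exe
"""

# category:family <status> path[optional member inside the file]
# Only the "Not disinfected" status seen in the thread is handled (assumption).
LINE_RE = re.compile(
    r"^(?P<category>\w+):(?P<family>.+?)\s+Not disinfected\s+"
    r"(?P<path>[A-Za-z]:\\.+?)(?:\[(?P<member>[^\]]*)\])?$"
)

# CHKDSK writes recovered fragments as <drive>:\FOUND.nnn\FILEnnnn.CHK
CHK_RE = re.compile(r"^[A-Za-z]:\\FOUND\.\d{3}\\FILE\d{4}\.CHK$", re.IGNORECASE)


def parse_line(line):
    """Return the fields of one detection line, or None if it does not match."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def triage(log_text):
    """Split detections into files to review and cookie hits per container."""
    review = []    # non-cookie detections: real files flagged on disk
    cookies = {}   # container path -> hit count, cookie domains, CHK flag
    unparsed = []  # lines that do not follow the expected format

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw.strip())
            continue
        if rec["family"].startswith("Cookie/"):
            entry = cookies.setdefault(
                rec["path"],
                {"hits": 0, "domains": set(),
                 "chk_fragment": bool(CHK_RE.match(rec["path"]))},
            )
            entry["hits"] += 1
            if rec["member"]:
                entry["domains"].add(rec["member"])
        else:
            item = (rec["category"], rec["family"], rec["path"])
            if item not in review:  # the log repeats some detections
                review.append(item)

    for entry in cookies.values():
        entry["domains"] = sorted(entry["domains"])
    return {"review": review, "cookies": cookies, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Files to review:")
    for category, family, path in result["review"]:
        print(f"  {category:9} {family:18} {path}")
    print("Cookie hits by container:")
    for path, info in result["cookies"].items():
        kind = "CHKDSK fragment" if info["chk_fragment"] else "file"
        print(f"  {path} ({kind}): {info['hits']} hits, "
              f"{len(info['domains'])} distinct domains")
```
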


New HijackThis Log:

Logfile of HijackThis v1.99.1

Scan saved at 11:44:48 PM, on 9/17/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Eset\nod32krn.exe

C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Chase Draney\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162668820766

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

New OTMoveIt Log:

c:\temp\salm.log moved successfully.

c:\GatorPatch.log moved successfully.

C:\FOUND.044\FILE0000.CHK moved successfully.

C:\My Download Files\AGSetup0608.exe moved successfully.

C:\Win32\dll\Win32k.exe moved successfully.

Created on 09/17/2007 23:40:07


Hello chase,

Run OTMoveIt

  • Click the green "CleanUp!" button.
  • If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the Internet, you should allow it to do so.
  • In the left pane, it will display a list of tools and other related files that you may have downloaded or used during our cleanup process, plus backup folders that were created with the bad files present. These are not needed anymore, so OTMoveIt will proceed to delete them.
  • Do NOT edit anything in that window!
  • Don't worry if it displays some tools you didn't download or use.
  • Click "Yes" when it asks to begin the cleanup process.
  • Then, please reboot your computer.

You may remove all the tools that we had you download for the analysis and cleaning process. They are no longer needed.

Congratulations, your computer is now clean of malware!

Let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

  • On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

  • On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check Turn off System Restore.
    Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab.
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

  2. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
     See this link for a listing of some online & their stand-alone antivirus programs:
     Virus, Spyware, and Malware Protection and Removal Resources
  3. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  4. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
     For a tutorial on Firewalls and a listing of some available ones see the link below:
     Understanding and Using Firewalls
  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  6. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
     A tutorial on installing & using this product can be found here:
     Using SpywareBlaster to protect your computer from Spyware and Malware
  7. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
