Yahoo.rds Redirecting And Slow Page Loading Hjt Log Inside


  • This topic is locked
6 replies to this topic

#1 uglybaby

  • Members
  • 3 posts

Posted 21 February 2008 - 04:32 PM

Hello. I'm hoping for some help. When using Yahoo.com to search for links I am continually redirected to biz shopping googlexxx sites rather than the actual link. I am also having problems with forums having slow load times in which an address such as "googlepagead...etc" is displayed on the bottom of the screen. The hang time can be up to a minute or more. This happens on multiple sites so I assume it is my comp. I have read the FAQ and done all that is asked with the exception of the McAfee program as I've had a bad experience with them before. Here is my hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:30 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\DVDToolsetc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "F:\program files\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ZoneAlarm Pro.lnk = F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4201 bytes
I hope I've done this correctly and am thankful for any help or suggestions. Thanks.



#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 21 February 2008 - 05:27 PM

Hello uglybaby ( :blink: ),

Welcome to Bleeping Computer :thumbsup:

I don't see anything apparent in your log, so if you're still getting redirects, we'll have to run something else.

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the "Settings" screen:
    • Click on "Recommended actions" -> select "Quarantine".
    • Under "Reports:" -> select "Do not automatically generate reports".
  • Close AVG Anti-Spyware. Please do NOT run a scan yet!
Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select the "Apply all actions" button, AVG Anti-Spyware will then display "All actions have been applied" on the right hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 uglybaby


Posted 22 February 2008 - 06:26 PM

Thanks for the quick response. Upon reviewing this forum I'm amazed at the amount of posts that you all are able to respond to. That said, I used the ATF program recommended and already have AVG antivirus installed and run it every day. It has found some infections recently, but "healed" them with no problems. I'm still encountering the same problems in my initial post and am wondering if there is anything else that I can do. Thanks very much for your time and patience.
Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:55 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\DVDToolsetc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "F:\program files\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ZoneAlarm Pro.lnk = F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4232 bytes
AVG log

<rec time="2008/02/22 18:47:01" user="David Barillaro" source="Virus">
<value>@HL_ActionTakenFailed</value>
<attr name="filename">C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\Cache\525AB3BCd01</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
I don't know if this is the log you want. I couldn't find an option for anything looking like the HJT log in Notepad. Obviously the virus didn't heal this time. What next?

Edited by uglybaby, 22 February 2008 - 06:50 PM.
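
Added example, not part of the original thread: the two HijackThis logs posted above can be compared mechanically to see what changed between the 21 and 22 February scans. This Python example parses shortened excerpts of both logs and reports processes and R/O entries that appeared or disappeared; the function names are illustrative assumptions, not part of HijackThis.

```python
import re
from collections import defaultdict

# Usual meaning of the HijackThis section codes that occur in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item", "O16": "ActiveX (DPF) object",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."

# Shortened excerpt of the first log posted in the thread (21 February).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\DVDToolsetc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "F:\program files\qttask.exe" -atboottime
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 4201 bytes
"""

# Second log (22 February): same excerpt, but IE is closed and eMule/Firefox run.
LOG_AFTER = LOG_BEFORE.replace(
    r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
    r"F:\Program Files\eMule\emule.exe" + "\n"
    + r"C:\Program Files\Mozilla Firefox\firefox.exe",
)


def parse_hjt(text):
    """Return (processes, entries); entries maps section code -> set of lines."""
    processes, entries = set(), defaultdict(set)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False           # first R/O entry ends the process list
            entries[match.group(1)].add(match.group(2))
        elif in_processes and line:
            processes.add(line.lower())    # Windows paths are case-insensitive
    return processes, dict(entries)


def diff_logs(before, after):
    """Compare two logs: processes started/stopped and entries added/removed."""
    proc_before, ent_before = parse_hjt(before)
    proc_after, ent_after = parse_hjt(after)
    changed = {}
    for code in sorted(set(ent_before) | set(ent_after)):
        added = ent_after.get(code, set()) - ent_before.get(code, set())
        removed = ent_before.get(code, set()) - ent_after.get(code, set())
        if added or removed:
            changed[code] = {
                "what": SECTIONS.get(code, "other section"),
                "added": sorted(added),
                "removed": sorted(removed),
            }
    return {
        "proc_started": sorted(proc_after - proc_before),
        "proc_stopped": sorted(proc_before - proc_after),
        "entries": changed,
    }


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("started:", result["proc_started"])
    print("stopped:", result["proc_stopped"])
    print("entry changes:", result["entries"] or "none")
```

On these excerpts only foreground programs differ between the two scans (Internet Explorer closed, eMule and Firefox opened) and no R/O entry changed.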


#4 teacup61


Posted 22 February 2008 - 11:58 PM

Hello there,

If you'll look at my directions you'll see that I asked for AVG AntiSpyware. It's a totally different program than AVG AntiVirus. :thumbsup: Please don't apologize, and it isn't a problem. :wacko: It happens all the time. :blink:

Regards,
tea

#5 uglybaby


Posted 23 February 2008 - 08:32 AM

"Dooohh!" Homer Simpson voice....Thanks.
Here is the AVG Antispyware log
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned.
H:\WINDOWS\SbCIe0261.dll -> Adware.SideStep : Cleaned.
:mozilla.6:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.11:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.124:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.255:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\David Barillaro\Cookies\david barillaro@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.87:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.88:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.89:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.90:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.91:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.20:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\David Barillaro\Cookies\david barillaro@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.37:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.38:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.85:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.86:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.111:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.225:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.226:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.229:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.57:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.58:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.130:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.61:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.62:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.63:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.68:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.69:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.70:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.145:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.146:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.147:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.148:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.71:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.207:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.100:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.73:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.74:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.75:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.76:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.165:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.166:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.167:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.168:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.231:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.186:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.78:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.220:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.204:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.205:C:\Documents and Settings\David Barillaro\Application Data\Mozilla\Firefox\Profiles\cordqd5k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\David Barillaro\Cookies\david barillaro@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.93:H:\WINDOWS\Application Data\Mozilla\Profiles\default\po85vnmk.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Edited by uglybaby, 23 February 2008 - 09:50 AM.


#6 teacup61


Posted 25 February 2008 - 02:57 PM

Hello,

Hope you had a nice weekend. :blink: Woo Hoo!! (Homer Simpson voice) :thumbsup: That one was good. :wacko: How is it running please? Still getting the redirects?

#7 teacup61


Posted 05 March 2008 - 04:00 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.