
UAC Virus/Malware


5 replies to this topic

#1 avianofyrfyter

Posted 12 July 2009 - 05:36 AM

I keep running Anti-virus and it pops up with UAC viruses but I can't delete them. It is the exact same problem that McClainJa encountered (with Yahoo hijacks, unable to System Restore/Recover, etc.) that SifuMike responded to. I have copy/pasted the DDS report below and attached the other report as requested. Thanks for your help!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Dave and Jenn at 11:29:08.32 on Sun 07/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.324 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Dave and Jenn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {500BCA15-57A7-4eaf-8143-8C619470B13D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davean~1\applic~1\mozilla\firefox\profiles\g6urcigc.default\

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-6 214024]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-6 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-6 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-6 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-6 40552]

=============== Created Last 30 ================

2009-07-12 09:14 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-11 11:44 <DIR> --d----- c:\docume~1\davean~1\applic~1\Symantec
2009-07-11 11:44 <DIR> --d----- c:\docume~1\davean~1\applic~1\Intuit
2009-07-11 11:44 <DIR> --d----- c:\documents and settings\Dave and Jenn
2009-07-11 11:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-07-11 11:23 8,212 a------- c:\windows\mfebcdata
2009-07-10 10:09 <DIR> --d----- C:\temp
2009-07-06 11:21 <DIR> --d----- C:\EPSONREG
2009-07-06 11:19 258,352 a------- c:\windows\system32\unicows.dll
2009-07-06 11:19 11,776 a------- c:\windows\system32\drivers\afc.sys
2009-07-06 11:19 212,480 a------- c:\windows\PCDLIB32.DLL
2009-07-06 11:19 126,976 a------- c:\windows\system32\PhotoImpression Slideshow.scr
2009-07-06 11:19 <DIR> --d----- c:\windows\system32\PhotoImpression Slideshow
2009-07-06 11:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2009-07-06 11:17 <DIR> --d----- c:\program files\epson
2009-07-06 11:17 67,072 a------- c:\windows\system32\escwiad.dll
2009-07-06 11:16 44 a------- c:\windows\EPCX8400.ini
2009-06-17 21:04 <DIR> --d----- c:\program files\AVG
2009-06-16 19:06 <DIR> --d----- c:\windows\wt
2009-06-12 15:13 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-12 15:11 <DIR> --d----- C:\03f180308d79fdfb8f771d70
2009-06-12 15:11 <DIR> --d----- C:\b25d0e4848bac5a8591212
2009-06-12 14:12 127 a------- c:\windows\system32\MRT.INI

==================== Find3M ====================

2009-06-02 18:50 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 16:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 22:03 129,784 -------- c:\windows\system32\pxafs.dll
2009-05-01 22:03 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-05-01 22:03 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-05-01 22:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 22:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 22:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 22:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 22:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 22:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 22:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 05:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 05:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 05:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 05:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 05:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 05:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 05:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 05:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 05:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 10:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 10:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 06:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 06:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 13:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 15:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-17 02:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031720090318\index.dat

============= FINISH: 11:30:10.82 ===============


#2 random/random

Posted 14 July 2009 - 03:12 PM

We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the combofix log and a new HijackThis log as a reply to this topic.

#3 avianofyrfyter

Posted 15 July 2009 - 02:17 PM

Thank you for your help! It found a bunch of stuff! Below are the log reports for the ComboFix and HJT. Please let me know what the next step is.


#4 random/random

Posted 15 July 2009 - 04:48 PM

Please try to avoid posting logs as attachments; it makes them harder to deal with.

You do not appear to be running a realtime antivirus; this is leaving you open to infection.
Please install one of the following free antivirus programs:
Note: The above programs are free only for personal, non-commercial use.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post back with the Malwarebytes' Anti-Malware log and a new DDS log.

#5 avianofyrfyter

Posted 17 July 2009 - 04:40 PM

Malwarebytes' Anti-Malware 1.39
Database version: 2452
Windows 5.1.2600 Service Pack 3

7/17/2009 10:31:56 PM
mbam-log-2009-07-17 (22-31-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 158053
Time elapsed: 37 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\system32\UACagklealnbrstqih.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UAConovvprbqvfouku.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACuwveutkyjacxdjs.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACyoyrgbppmnmwoac.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\UACnfhikymecrrjelb.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP88\A0033764.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP88\A0033765.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP88\A0033767.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP88\A0033768.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP88\A0033769.dll (Trojan.TDSS) -> Quarantined and deleted successfully.




_____________________________________________________________________________________________________________________



"Scan ""Scan whole computer"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Friday, July 17, 2009, 8:15:23 PM"
"Scan finished:";"Friday, July 17, 2009, 9:33:40 PM (1 hour(s) 18 minute(s) 17 second(s))"
"Total object scanned:";"486281"
"User who launched the scan:";"Dave and Jenn"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@atdmt[1].txt:\atdmt.com.7247c262";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@bs.serving-sys[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@burstbeacon[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@burstbeacon[2].txt:\burstbeacon.com.c4fe2ebb";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@burstnet[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@burstnet[1].txt:\burstnet.com.a3218a37";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@burstnet[1].txt:\burstnet.com.c4fe2ebb";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@doubleclick[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@doubleclick[1].txt:\doubleclick.net.bf396750";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@fastclick[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@fastclick[1].txt:\fastclick.net.8a6435e9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@fastclick[1].txt:\fastclick.net.8dd1284a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@fastclick[1].txt:\fastclick.net.9b41aa53";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@fastclick[1].txt:\fastclick.net.c38980e4";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@m.webtrends[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@media.adrevolver[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@media.adrevolver[2].txt:\media.adrevolver.com.2be00b0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@media.adrevolver[2].txt:\media.adrevolver.com.7fd89687";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@mediaplex[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@mediaplex[1].txt:\mediaplex.com.f652b123";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@msnportal.112.2o7[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@revsci[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@revsci[2].txt:\revsci.net.44927ec";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@revsci[2].txt:\revsci.net.2df99d79";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@revsci[2].txt:\revsci.net.55564293";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@revsci[2].txt:\revsci.net.e9dbeb91";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@serving-sys[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@serving-sys[1].txt:\serving-sys.com.255d6f2f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@serving-sys[1].txt:\serving-sys.com.400f83f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@serving-sys[1].txt:\serving-sys.com.4b416ef8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@serving-sys[1].txt:\serving-sys.com.606c3d3b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@serving-sys[1].txt:\serving-sys.com.6a1cf9e8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@serving-sys[1].txt:\serving-sys.com.c9034af6";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@tribalfusion[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@tribalfusion[2].txt:\tribalfusion.com.dcc03271";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@zedo[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@zedo[2].txt:\zedo.com.27f1639b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@zedo[2].txt:\zedo.com.a5b6a132";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@zedo[2].txt:\zedo.com.c1dd09f2";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@zedo[2].txt:\zedo.com.cef1c7af";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@zedo[2].txt:\zedo.com.dd15d628";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@zedo[2].txt:\zedo.com.f1d14556";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@zedo[2].txt:\zedo.com.f462b69f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Dave and Jenn\Cookies\dave_and_jenn@zedo[2].txt:\zedo.com.ff8ec9c0";"Found ";"Moved to Virus Vault"


Please let me know if this is what you needed. Thanks for all your help so far.

#6 random/random

  • Malware Response Team

Posted 18 July 2009 - 06:39 PM

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.
  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK. Note the space between the X and the U; it needs to be there.
Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
    • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
    • Restart
    • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck Turn off System Restore.
      • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Install and use a firewall with outbound protection
    While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
    I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall or Online Armor
    See BleepingComputer's excellent tutorial to help using and understanding a firewall here
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
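
The HOSTS-file blocking described in the post above can be checked after the fact. The following is an added example, not part of the original post or of Spybot Search & Destroy: it parses HOSTS-format text and separates names that are sinkholed (mapped to a loopback or unspecified address) from names mapped to a routable address, which are worth reviewing by hand. The sample file, its host names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS format; the names are placeholders, not from the thread.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1    localhost
127.0.0.1    ads.tracker.example www.ads.tracker.example  # block-list entry
0.0.0.0      Malware.Example
203.0.113.7  search.portal.example   # not a block: routable address
not-an-ip    broken.example
::1          localhost
"""

def parse_hosts(text):
    """Return {hostname: ip}. Assumption: the first mapping for a name is kept."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank line or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip the line
        for name in fields[1:]:                 # one address may carry several names
            table.setdefault(name.lower().rstrip("."), str(ip))
    return table

def classify(table):
    """Split entries into sinkholed names and names sent to a routable address."""
    blocked, redirected = set(), {}
    for name, ip in table.items():
        if name == "localhost":
            continue                            # the stock entry, not a block
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)                   # lookups for this name go nowhere
        else:
            redirected[name] = ip               # review: name is pinned to a real host
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = classify(parse_hosts(SAMPLE_HOSTS))
    print("sinkholed:", sorted(blocked))
    print("review   :", redirected)
```
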




