Popups And Slow Running Computer


28 replies to this topic

#1 Zoki

Posted 25 May 2007 - 12:54 AM

Hello all.
I am pretty much computer illiterate, so I don't really have an idea of what's wrong with my computer.

I use Trend Micro PC-Cillin as my virus protection, and every so often I get a message saying that it found spyware on my system. It is usually virtumondo or something else that I thought I'd already removed.

I also get a lot of popups that try to come up when I'm not even online. The address I saw on one of them was something like: www.anaema.com. I also received one (about a minute ago) about WinAntiVirus Pro 2006.

I'm sorry if this is vague and confusing, but I'm really not sure what is going on.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:49:49 AM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kiera\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5060912
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinfernoUpdate] "C:\Program Files\Common Files\Winferno\WSCUpdtr.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {C7112EF1-D5B6-421D-8F58-8FA63AB144F8} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.mcafee.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...023/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B466E4FE-758C-40B7-932B-233E22B6C800}: NameServer = 205.188.146.145
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Edited by Zoki, 25 May 2007 - 12:57 AM.




#2 Rawe

Posted 25 May 2007 - 02:04 AM

Hello and welcome aboard :thumbsup:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Hi there, stranger!

#3 Zoki

Posted 25 May 2007 - 11:51 PM

I get an error page when I click the vundofix.exe link.
I got the same error when I did a google search for it.
The error page is saying that the page is taking too long to respond.

#4 Rawe

Posted 26 May 2007 - 05:55 AM

Try downloading the attachment please :thumbsup:
Hi there, stranger!

#5 Zoki

Posted 28 May 2007 - 03:20 PM

Thank you for all the help.
I'm still getting popups. Does that mean there is still something wrong with my computer?


vundofix.txt


VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 3:39:38 PM 5/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxxvuu.dll
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\dunyvfwu.dll
C:\WINDOWS\system32\mgsmyaev.dll
C:\WINDOWS\system32\uwfvynud.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\byxxvuu.dll
C:\WINDOWS\system32\byxxvuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddccc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dunyvfwu.dll
C:\WINDOWS\system32\dunyvfwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mgsmyaev.dll
C:\WINDOWS\system32\mgsmyaev.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uwfvynud.ini
C:\WINDOWS\system32\uwfvynud.ini Has been deleted!

Performing Repairs to the registry.
Done!



HijackThis log



Logfile of HijackThis v1.99.1
Scan saved at 4:05:58 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kiera\Desktop\HijackThis\HijackThis.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5060912
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15973D11-E2CF-4977-8963-7522FDAF1BC6} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: 0 - {39E71349-46FE-45CE-3CB1-3AF4E30C6682} - C:\Program Files\Messenger\qulabup.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinfernoUpdate] "C:\Program Files\Common Files\Winferno\WSCUpdtr.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {C7112EF1-D5B6-421D-8F58-8FA63AB144F8} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.mcafee.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...023/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Edited by Zoki, 28 May 2007 - 03:22 PM.


#6 Rawe

Posted 29 May 2007 - 02:33 AM

Go ahead and delete VundoFix. And yes, you still have infections left.

Let's continue.

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you aren't able to finish the update within AVG Anti-Spyware for one reason or another, you can install the manual updates here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
Close AVG Anti-Spyware, DO NOT run a scan just yet, we will shortly.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please run a scan with HijackThis. Check the following objects for removal:

O2 - BHO: (no name) - {15973D11-E2CF-4977-8963-7522FDAF1BC6} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: 0 - {39E71349-46FE-45CE-3CB1-3AF4E30C6682} - C:\Program Files\Messenger\qulabup.dll (file missing)
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O9 - Extra button: (no name) - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - (no file)
O9 - Extra button: (no name) - {C7112EF1-D5B6-421D-8F58-8FA63AB144F8} - (no file)
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.mcafee.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.sxload.net (HKLM)


Close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

==
  • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post back with the AVG Anti-Spyware results. :thumbsup:

Hi there, stranger!
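
One way to confirm that the entries checked for removal in the post above are really gone from a later HijackThis log, and to see what else changed between two logs. This is an added example, not part of the original post or of HijackThis; the function names are assumptions, the fix-list lines are copied from the thread, and the "fresh" log is constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O15 - Trusted Zone: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis appends this note when the target file no longer exists on disk.
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


def entry_key(line):
    """Return (code, normalized details) for an entry line, else None.

    The "(file missing)" note is dropped so a registry entry compares equal
    whether or not its file currently exists; case and spacing are ignored
    because Windows paths and registry names are case-insensitive.
    """
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.groups()
    body = MISSING_RE.sub("", body)
    return code, " ".join(body.split()).casefold()


def parse_log(text):
    """Map entry key -> original line for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def still_present(fix_list, fresh_log):
    """Lines from the fix list whose entry still appears in the fresh log."""
    fresh = parse_log(fresh_log)
    return [line for key, line in parse_log(fix_list).items() if key in fresh]


def diff_logs(before, after):
    """Return (added, removed) entry lines between two logs."""
    b, a = parse_log(before), parse_log(after)
    added = [a[k] for k in a if k not in b]
    removed = [b[k] for k in b if k not in a]
    return added, removed


# Entries checked for removal (subset copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {15973D11-E2CF-4977-8963-7522FDAF1BC6} - C:\WINDOWS\system32\ddccc.dll (file missing)
O9 - Extra button: (no name) - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - (no file)
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.winantivirus.com
"""

# Earlier log: the fix-list entries plus one ordinary startup entry from the thread.
BEFORE_LOG = FIX_LIST + r"""
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
"""

# Constructed later log: two fixed entries are back (one with the file present
# again, one with different letter case) and one new entry has appeared.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {15973D11-E2CF-4977-8963-7522FDAF1BC6} - C:\WINDOWS\system32\ddccc.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O15 - Trusted Zone: *.WinAntiVirus.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, FRESH_LOG):
        print("STILL PRESENT:", line)
    added, removed = diff_logs(BEFORE_LOG, FRESH_LOG)
    for line in added:
        print("ADDED:  ", line)
    for line in removed:
        print("REMOVED:", line)
```

An entry that comes back after "Fix checked" usually means something is still running and rewriting it, which is why the fresh log is worth comparing line by line rather than by eye.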

#7 Zoki

Posted 29 May 2007 - 10:59 PM

Thanks so much.
After I did the scan I got a trend micro message about another trojan. Is that bad?

Here is the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:20:21 PM 5/29/2007

+ Scan result:



C:\WINDOWS\system32\jigcsucx.dll -> Adware.BHO : Cleaned with backup (quarantined).
HKU\S-1-5-21-1480562709-3532681340-1246707794-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034341.exe -> Adware.SpyLocked : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smpi1\lb66.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smpi1\lb66.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smpi1\lb66.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP193\A0030821.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP216\A0038390.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxxvuu.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fccawvw.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gebbxya.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yayywxu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smpi1\lb2.exe -> Adware.WebBuying : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smpi1\lib67.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028904.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP207\A0034753.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP212\A0038010.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\WINDOWS\updater.exe.tmp -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\Documents and Settings\Kiera\Local Settings\Temp\YazzleBundle-1281.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP207\A0034697.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
:mozilla.445:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.446:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.447:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.448:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.449:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.450:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.451:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.452:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.453:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.454:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.455:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.456:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.457:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.458:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.459:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.460:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.461:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.462:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.463:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.464:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.465:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.466:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.467:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.468:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.469:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.470:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.471:C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028895.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

#8 Rawe

Posted 30 May 2007 - 05:15 AM

What's the name of the trojan Trend Micro reported?

Please post a fresh HijackThis log :thumbsup:
Hi there, stranger!

#9 Zoki

Posted 30 May 2007 - 11:34 AM

Here's the virus log:
5/30/2007
Source type: File
Virus name: ADW_VIRTUMOND.IA
File Name: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP217\A0038492.dll
First Action: Deny Access

5/29/07
Source Type: File
Virus Name: TROJ_DLOADER.MRF
File Name: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP212\A0038011.exe
First Action: Quarantine Success

And the HijackThis logfile:


Logfile of HijackThis v1.99.1
Scan saved at 12:19:20 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccLog.exe
C:\Documents and Settings\Kiera\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5060912
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinfernoUpdate] "C:\Program Files\Common Files\Winferno\WSCUpdtr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...023/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B466E4FE-758C-40B7-932B-233E22B6C800}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:47 PM

Posted 31 May 2007 - 02:50 AM

Surf here: http://virustotal.com

Upload this file and submit it for scanning; please wait until all the scanners are finished, be patient, it might take a while. Once they are ready, please copy/paste the results in your next reply.

C:\Program Files\Common Files\Winferno\WSCUpdtr.exe
Hi there, stranger!

#11 Zoki

Zoki
  • Topic Starter

  • Members
  • 16 posts
  • Local time:10:47 AM

Posted 31 May 2007 - 12:04 PM

Here you go:

Complete scanning result of "WSCUpdtr.exe", received in VirusTotal at 05.31.2007, 18:42:26 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 05.31.2007 no virus found
AntiVir 7.4.0.29 05.31.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.30.2007 no virus found
AVG 7.5.0.467 05.30.2007 no virus found
BitDefender 7.2 05.31.2007 no virus found
CAT-QuickHeal 9.00 05.31.2007 no virus found
ClamAV devel-20070416 05.31.2007 no virus found
DrWeb 4.33 05.31.2007 no virus found
eSafe 7.0.15.0 05.31.2007 no virus found
eTrust-Vet 30.7.3679 05.31.2007 no virus found
Ewido 4.0 05.31.2007 no virus found
FileAdvisor 1 05.31.2007 no virus found
Fortinet 2.85.0.0 05.31.2007 no virus found
F-Prot 4.3.2.48 05.30.2007 no virus found
F-Secure 6.70.13030.0 05.31.2007 no virus found
Ikarus T3.1.1.8 05.31.2007 no virus found
Kaspersky 4.0.2.24 05.31.2007 no virus found
McAfee 5043 05.31.2007 no virus found
Microsoft 1.2503 05.31.2007 no virus found
NOD32v2 2301 05.31.2007 no virus found
Norman 5.80.02 05.31.2007 no virus found
Panda 9.0.0.4 05.31.2007 no virus found
Prevx1 V2 05.31.2007 no virus found
Sophos 4.18.0 05.31.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 no virus found
Symantec 10 05.31.2007 no virus found
TheHacker 6.1.6.127 05.31.2007 no virus found
VBA32 3.12.0 05.30.2007 no virus found
VirusBuster 4.3.23:9 05.31.2007 no virus found
Webwasher-Gateway 6.0.1 05.31.2007 no virus found

Aditional Information
File size: 1482752 bytes
MD5: 21e5b20561d9c06de8b3ee8d6ea46f70
SHA1: beefc0074b00d5ecc2ea6b3f2c2a7ab3c55d39b1

Edited by Zoki, 31 May 2007 - 12:06 PM.


#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:47 PM

Posted 02 June 2007 - 07:15 AM

Sorry for the delay...

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

Hi there, stranger!

#13 Zoki

Zoki
  • Topic Starter

  • Members
  • 16 posts
  • Local time:10:47 AM

Posted 05 June 2007 - 04:24 PM

When I get to the page I accept the ActiveX installation, but nothing else happens after that. I don't get a window that asks where to save and install Panda. I am using AOL/Firefox if that makes a difference.

#14 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:47 PM

Posted 07 June 2007 - 03:56 AM

I'm not sure if it would work with AOL browser, but it won't work with Firefox.

Try with the original Internet Explorer please :thumbsup:
Hi there, stranger!

#15 Zoki

Zoki
  • Topic Starter

  • Members
  • 16 posts
  • Local time:10:47 AM

Posted 11 June 2007 - 11:22 AM

Sorry for the delay.
Here you go:


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.com.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.atwola.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kiera\Application Data\Mozilla\Firefox\Profiles\s68owphy.default\cookies.txt[.go.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kiera\Cookies\kiera@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kiera\Cookies\kiera@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kiera\Cookies\kiera@atwola[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kiera\Cookies\kiera@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kiera\Cookies\kiera@questionmarket[1].txt
Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\Kiera\Local Settings\Temp\CmarP1065.exe
Virus:Malware Generic Disinfected C:\Documents and Settings\Kiera\Local Settings\Temp\installdrivecleanerstart.exe
Potentially unwanted tool:Application/Service9x Not disinfected C:\drivers\printer\725\drivers\Win_XP2K\i386\dlcftime.dl_[C:\drivers\printer\725\drivers\Win_XP2K\i386\dlcftime.dll]
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1480562709-3532681340-1246707794-1005\Dc8.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mgsmyaev.dll.bad
Potentially unwanted tool:Application/ViewPoint Not disinfected C:\WINDOWS\Temp\0\Private\Vendor\ProgFiles\ViewBarBHO.dll



