August 3rd, 2009 00:00

Virus in [Filename]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:38 AM, on 8/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~2\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe
O23 - Service: lxdc_device -   - C:\Windows\system32\lxdccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9226 bytes





I performed a "SCAN" using McAfee Anti-virus. I got a 2 yr subscription with McAfee when I purchased my PC from Dell this past January of 2009. So, it is the "retail version" (probably not as good). Anyway, as I was saying, I performed a scan, and it stopped only after 75% of the way through. When it stopped, an error message popped up that said, "McAfee virus scan on-demand scanner has encountered problems and needs to close." So, I closed and tried once more only to get the same message after 75% in the process. I tried once more...same thing.

That's when I started a "CHAT line" with a lady. She said she needed to analyze my PC remotely. A few minutes later she informed me I had a "Malicious Trojan". That was all the information she gave me. She told me that McAfee could remotely remove the Trojan for $89.00, but, I am sure most will agree at this time in need, "Money don't grow on trees."

I decided to do a "System Health Report" hoping I could get answers. I think I attached it. It may be helpful reviewing it. The Health Report addressed issues regarding the Anti-virus. When you open it scroll to the section "Anti-virus Information". There it says, "The Security Center has not recorded an anti-virus product". It further says, "The Security Center is unable to identify an active antivirus application. Either there is no antivirus product installed or it is not recognized".

Well, I know the McAfee anti-virus is in the system because I uninstalled it and reinstalled it. After I reinstalled it, I performed a "SCAN", and it scanned to 100% complete, but did not locate the first piece of adware or anything. I feel it should have discovered something if it was working properly, especially since the lady at McAfee said earlier I had a Trojan.

Next thing I did was try to figure out why this negative information was being concluded on my "Health Report". I searched online and found a link that says "McAfee and Windows Defender are not compatible", i.e. if one is on the other will possibly not perform as should. This is that link:

http://social.answers.microsoft.com/Forums/en-US/vistasecurity/thread/574fb871-034c-4b42-b800-328af16a9177

After I read this link, I decided to disable "Windows Defender", restart my PC and see if that fixed the problem. So, I ran the "System Health Report", but unfortunately I received the same message as before.

About a week or two ago I downloaded a few freeware programs. I was a little skeptical but still did it. These freeware programs consist of the following names: "Convert VOB to AVI". Another program was, DVDx, Auto GK, Xvid. I also downloaded an Ac3 Codec. I tried to uninstall all these programs but they would not uninstall. They all say they "Don't have a Unins000.dat file". As far as the Ac3 codec, well I can not find it anywhere on my PC, but I know I downloaded it.

Also, viewing my "Program Files (x86) folder", there is a folder labeled "Gabest". I looked it up on the internet and the page said the following:
Gabest Media Player Classic Description
"It is an illegal advertising application that secretly works in background and shows undesirable commercial information. Gabest Media Player Classic shows advertisements in numerous pop-ups, web browser windows or toolbars. It can get into the computer from unsafe web sites. Some ad-supported softwares include it as a component. Gabest Media Player Classic doesn't possess any serious threat to the computer security, but may severely violate user privacy."
http://www.spywareremove.com/removeGabestMediaPlayerClassic.html

I don't remember downloading "Gabest", and I don't think I did.
I almost forgot, the lady from McAfee did tell me the mcod.exe was a Trojan, and I discovered that on my own when the "McAfee virus scan on-demand scanner has encountered problems and needs to close" error popped up.
As far as a Trojan...Well, I don't know. The lady working at McAfee said I had one but that could have been a sales pitch. I do know something is not right about my PC, and I do think it is infected, but since my McAfee Anti-virus finds nothing I can't give you the information you requested. I know no way to narrow the search down in order to single the "Virus" out.
Maybe you can look at the "System Health Report", and that will raise ideas. If you still want me to perform the instructions in the reply you sent before this one, I will. Then I'll inform you of result.

20.5K Posts

August 3rd, 2009 04:00

Welcome :)

Are you sure the filename was mcod.exe and not mcods.exe? At this point McAfee is not running, so we'll have to find out why.

Gabest supposedly shows advertisements in numerous pop-ups, web browser windows or toolbars. Have you had any of those symptoms? It may have been installed with that freeware that you downloaded.

I'm wondering if McAfee is corrupt and needs a reinstall, but first let's check some logs so we can see if you in fact have malware on there.

While I am reviewing this log, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

I look forward to your reply so we can continue.

 

29 Posts

August 3rd, 2009 13:00

Once again, thank you for your assistance.

Before we get started in removing possible malware problems, could you confirm that this process is safe and that there is no personal information exposed such as, financial etc. etc.? I just want to safeguard items that are considered personal.

Thanks for your patience, and your help is very much needed.

20.5K Posts

August 3rd, 2009 14:00

I understand your concern. You will be able to review the logs before you post them. You will see filenames and usernames of people who have user accounts as listed on your computer (Example: c:\users\Bob\appdata\roaming\mozilla\firefox\profiles\). We will not see names on bank accounts or credit card accounts and/or those numbers, passwords, etc. Our goal is security and it would be counter-productive to put you at risk.

If you are uncomfortable, look at some of the other threads in this forum and you will see the logs from various tools that we might be using.

We have had folks who did not want their last name online if that shows up in users (assuming the users have entered last names here: c:\users\Bob\appdata\). If that is what you are concerned about simply remove only the last name. Please do not edit anything else, though. Please let me know if you edit any names. Our tools will not be able to find files if you rename them! One text character omitted, changed, or added to a filename can be disastrous if we have to write some script. I hope we can get this resolved so we do not have to do that, but I should warn you anyway.
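The pre-posting review described in the reply above, as an added example that is not part of the original post or of any tool used in this thread: it lists the account names that appear as profile folders in a log and removes only a surname from those folder segments, returning the changed line numbers so the helper can be told exactly what was edited. The sample log, the name "Bob Smith" and the function names are constructed for illustration, and only `\Users\` and `\Documents and Settings\` path segments are handled.

```python
import re

# Profile-folder segment of a Windows path, e.g. c:\users\Bob Smith\appdata
# Covers \Users\ (Vista and later) and \Documents and Settings\ (XP).
# The lookahead requires a following backslash so trailing text is never
# mistaken for part of the folder name.
PROFILE_RE = re.compile(
    r"(?i)(?P<root>[a-z]:\\(?:users|documents and settings)\\)"
    r"(?P<name>[^\\\r\n]+)(?=\\)"
)

# Built-in profile folders that are not personal names.
BUILTIN = {"public", "default", "default user", "all users"}

# Constructed sample lines in the style of the logs posted in this thread.
SAMPLE_LOG = r"""O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Notes.lnk = C:\Users\Bob Smith\AppData\Roaming\Notes\notes.exe
C:\Users\Bob Smith\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite;"Found Tracking cookie.Example";"Healed"
O23 - Service: Smith Backup - Unknown owner - C:\Program Files\SmithBackup\smith.exe
C:\Users\Public\Desktop\readme.txt"""


def profile_names(log_text):
    """Return the distinct account names that appear as profile folders."""
    seen = {}
    for match in PROFILE_RE.finditer(log_text):
        name = match.group("name").strip()
        if name.lower() not in BUILTIN:
            seen.setdefault(name.lower(), name)
    return sorted(seen.values(), key=str.lower)


def redact_surname(log_text, surname):
    """Drop `surname` from profile-folder segments only.

    Everything else in the log, including file and service names that happen
    to contain the same word, is left byte-for-byte intact, because a helper's
    fix script depends on exact paths. Returns (new_text, changed_line_numbers).
    """
    wanted = surname.lower()

    def fix(match):
        tokens = match.group("name").split()
        kept = [t for t in tokens if t.lower() != wanted]
        # Leave the segment alone if the surname is absent, or if removing it
        # would leave an empty folder name.
        if not kept or len(kept) == len(tokens):
            return match.group(0)
        return match.group("root") + " ".join(kept)

    out, changed = [], []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        new_line = PROFILE_RE.sub(fix, line)
        if new_line != line:
            changed.append(lineno)
        out.append(new_line)
    return "\n".join(out), changed


if __name__ == "__main__":
    print("Names visible in log:", profile_names(SAMPLE_LOG))
    redacted, changed = redact_surname(SAMPLE_LOG, "Smith")
    print("Lines edited (report these to the helper):", changed)
    print(redacted)
```
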


 

29 Posts

August 4th, 2009 01:00

Well I think I might have prevented you guys from detecting anything in my PC. Okay, what I did, which now I think it was the wrong thing to do.

I purchased a different anti-virus/anti-spyware program today. The program is called "AVG Anti-Virus & Anti-Spyware". As I was telling you in prior posts, I would run a scan with my McAfee program and have no results in locating viral activity (Zero quarantine). So, I figured I would uninstall McAfee and install the new AVG program, then run a scan. After the scan with AVG, I was going to create another file log using "HijackThis", but when I tried to run the scan, it refused by bringing up the previous log file (the log file already posted in previous post).

Sorry, I don't know if I can create a new log file since I have already performed that type of scan. If there is a way to do so, please let me know.


As I was saying, the McAfee program hasn't detected any form of Cookie, worm, trojan, etc. After I uninstalled McAfee and installed the new program AVG, I ran a scan. I was very surprised. The following are the results of the activity AVG found.......


"Results after scanning whole computer"

Scan was finished.
No infection was found during this scan
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Monday, August 03, 2009, 11:21:10 PM"
Scan finished:;"Tuesday, August 04, 2009, 12:49:24 AM (1 hour(s) 28 minute(s) 14 second(s))"
Total object scanned:;"732562"
User who launched the scan:;"Randy"

Warnings
File;"Infection";"Result"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@247realmedia[2].txt;"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@247realmedia[2].txt:\247realmedia.com.125a868c;"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@247realmedia[2].txt:\247realmedia.com.855b46d;"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@247realmedia[2].txt:\247realmedia.com.964cd308;"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@247realmedia[2].txt:\247realmedia.com.ef906bac;"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@2o7[1].txt;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@2o7[1].txt:\2o7.net.2416e176;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@2o7[1].txt:\2o7.net.52552b50;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@ad.yieldmanager[2].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@adrevolver[2].txt;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@adrevolver[2].txt:\adrevolver.com.9b9d670a;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@adrevolver[2].txt:\adrevolver.com.f6cfcad4;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@advertising[2].txt;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@advertising[2].txt:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@advertising[2].txt:\advertising.com.525a5fb9;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@advertising[2].txt:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@atdmt[1].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@burstnet[2].txt;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@burstnet[2].txt:\burstnet.com.a3218a37;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@burstnet[2].txt:\burstnet.com.c4fe2ebb;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@doubleclick[2].txt;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@doubleclick[2].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@fastclick[2].txt;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@fastclick[2].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@fastclick[2].txt:\fastclick.net.8dd1284a;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@fastclick[2].txt:\fastclick.net.94ca190b;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@fastclick[2].txt:\fastclick.net.9b41aa53;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@fastclick[2].txt:\fastclick.net.c38980e4;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@m.webtrends[2].txt;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@media.adrevolver[1].txt;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@media.adrevolver[1].txt:\media.adrevolver.com.7fd89687;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@perf.overture[1].txt;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@perf.overture[1].txt:\perf.overture.com.610ef18d;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@realmedia[2].txt;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@realmedia[2].txt:\realmedia.com.125a868c;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@realmedia[2].txt:\realmedia.com.855b46d;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@revsci[2].txt;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@revsci[2].txt:\revsci.net.50e13b1b;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@revsci[2].txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@revsci[2].txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@revsci[2].txt:\revsci.net.e9dbeb91;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@statse.webtrendslive[2].txt;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@statse.webtrendslive[2].txt:\statse.webtrendslive.com.b4ca7df0;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@trafficmp[2].txt;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@trafficmp[2].txt:\trafficmp.com.a00e30b4;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@trafficmp[2].txt:\trafficmp.com.f3e5803e;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@tribalfusion[2].txt;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@tribalfusion[2].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@zedo[1].txt;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@zedo[1].txt:\zedo.com.27f1639b;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@zedo[1].txt:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\randy@zedo[1].txt:\zedo.com.ff8ec9c0;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\randy@2o7[1].txt;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\randy@2o7[1].txt:\2o7.net.52552b50;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\randy@2o7[2].txt;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\randy@2o7[2].txt:\2o7.net.2416e176;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\randy@2o7[2].txt:\2o7.net.52552b50;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\randy@doubleclick[1].txt;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\randy@doubleclick[1].txt:\doubleclick.net.1d39bd48;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\randy@m.webtrends[1].txt;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"


I know they are all cookies, but these are the things that McAfee wasn't even noticing. You know, I am even wondering whether or not my PC is infected by some type of viral activity.

I opened up Task Manager to view the processes and services and found that the AVG is running. Also, when I perform a search on something in particular, I find that the AVG has green check marks beside each link in that search letting me know the links that are safe (links that are checked), and links that aren't safe (haven't found an unsafe link as of yet). My Computer, as of right now, I can't tell whether it has lost any performance issues, nor am I getting any suspicious activity such as pop-ups etc. etc. However, I know this doesn't mean my PC is not infected.

If there is a way we can investigate although I have installed the new AVG program after I gathered the file log from "HijackThis" program; I will be more than happy to behave and cooperate. Just let me know, and I will get started right away?

Thanks A Bunch
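The semicolon-separated AVG results pasted in this thread can be triaged mechanically to check the "they are all cookies" reading and surface anything else. This is an added example, not part of the original post or AVG's own tooling; the field meanings are inferred from the pasted lines, and the last sample row is constructed.

```python
import re
from collections import Counter

# Constructed sample in the semicolon-separated layout of the AVG results
# quoted in this thread: object;"result";"action". The object may be quoted
# and may carry an inner entry after a second ":\" (e.g. one cookie inside
# cookies.sqlite). The last row is a made-up non-cookie detection, included
# so the triage has something to flag.
SAMPLE = r'''
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\user@zedo[1].txt;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\user@zedo[1].txt:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\1sou0e7s.default\cookies.sqlite";"Found Tracking cookie.Doubleclick";"Healed"
"C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\1sou0e7s.default\cookies.sqlite:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Example\constructed-sample.exe;"Found Example.Detection";"Moved to Virus Vault"
'''

LINE_RE = re.compile(
    r'^"?(?P<obj>.*?)"?;"(?P<result>[^"]*)";"(?P<action>[^"]*)"$'
)
COOKIE_PREFIX = "Tracking cookie."


def parse_line(line):
    """Split one result line into container, inner item, detection, action."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    obj = m.group("obj")
    # Skip the drive-letter ":\" at index 1; a later ":\" separates the
    # container file from the entry found inside it.
    sep = obj.find(":\\", 3)
    if sep == -1:
        container, item = obj, None
    else:
        container, item = obj[:sep], obj[sep + 2:]
    detection = m.group("result")
    if detection.startswith("Found "):
        detection = detection[len("Found "):]
    return {
        "container": container,
        "item": item,
        "detection": detection,
        "action": m.group("action"),
    }


def triage(text):
    """Count cookie detections per family and list everything that is not a cookie."""
    cookies, actions = Counter(), Counter()
    other, unparsed = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw)  # keep for manual review, never drop silently
            continue
        actions[rec["action"]] += 1
        if rec["detection"].startswith(COOKIE_PREFIX):
            cookies[rec["detection"][len(COOKIE_PREFIX):]] += 1
        else:
            other.append(rec)
    return {"cookies": cookies, "actions": actions,
            "other": other, "unparsed": unparsed}


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("Tracking cookies by family:", dict(report["cookies"]))
    print("Actions taken:", dict(report["actions"]))
    for rec in report["other"]:
        print("REVIEW:", rec["container"], "->", rec["detection"])
    for raw in report["unparsed"]:
        print("UNPARSED:", raw)
```

Anything listed under REVIEW or UNPARSED is what deserves a closer look; the cookie counts only show how much of the log is tracking-cookie noise.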


 

20.5K Posts

August 4th, 2009 07:00

It could be that your McAfee was not set to scan for cookies. Different anti-virus programs find different things. As mentioned above, I suspected that McAfee had become corrupt. Now that you have installed another anti-virus, does this mean that you will not be re-installing McAfee?

Did you run the McAfee Removal tool, or simply use Add/Remove Programs to remove McAfee?

Hijackthis will not automatically save each log. You would have to manually save it someplace.

 

 

20.5K Posts

August 4th, 2009 14:00

I believe your post was removed by Dell because text before "what is going on" was a violation of Dell's Terms of Service. Fortunately, I was in the middle of working on a reply and I remember most of your questions.

QUOTE:
How do you feel about running both McAfee and AVG anti-virus together--good idea or bad idea?
Bad idea. Running more than one anti-virus program can make you less secure.
With more than one anti-virus program on the same computer, there is a chance for conflicts if a virus gets on the machine. Each of the anti-virus programs wants to "control" the situation and in some cases, the task of removing the virus does not get done at all.
You will also experience slowdown as each is trying to run in realtime, and you run the risk of data loss from a system crash that the instability can cause.
A better option would be to keep one good anti-virus, keep it current, and use it as designed.

As far as the Security Center, you will probably have to login as Administrator to make changes to the settings.
The Security Center should show you if your Virus Protection is ON:
http://www.microsoft.com/windows/windows-vista/features/security-center.aspx

See if this info helps as well: http://www.howtogeek.com/howto/windows-vista/disable-security-center-popup-notifications-in-windows-vista/

What seems like "viral activity" may just be the remnants of McAfee trying to run. Please run McAfee's Removal Tool to clean up what's left:
1. Download the removal tool from:
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

2. Click Save and save the file to any folder on your computer.
3. Navigate to the folder where the file is saved.
4. Make sure all McAfee windows are closed.
5. Double-click MCPR.EXE to run the removal tool.

 Note: Windows Vista users must right-click MCPR.EXE and select Run as Administrator.

6. Restart your computer after receiving the message CleanUp Successful.

      Your McAfee product will not be fully removed until the system is restarted.

Following that let's try a scan with Malwarebytes:

  Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here
    and just double-click on mbam-rules.exe to install.
    Alternatively, you can update through MBAM's interface from a clean computer,
    copy the definitions (rules.ref) located in
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
    from that system to a USB stick or CD and then copy it to the infected machine.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top.
  • It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report along with a fresh HijackThis log into your next reply and exit MBAM.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

 

If you need to re-install MBAM but encounter issues in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE

 

 

29 Posts

August 5th, 2009 13:00

Bugbatter,

After downloading the McAfee removal program, I do think it removed the remnants from where McAfee was installed. Where I was getting around 50 types of negative cookies each time I ran a scan (4 times within 7 hours) with AVG, after running the McAfee removal software I now pick up two cookies, so that is definitely a positive result.

Here are the cookies I continue to pick up (four different scans) using AVG...

"C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\1sou0e7s.default\cookies.sqlite";"Found Tracking cookie.Doubleclick";"Healed"
"C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\1sou0e7s.default\cookies.sqlite:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
 

I also agree with your decision regarding the running of two anti-virus programs (conflict). I did read last night that installing some of the "Vista Service Pack 2" will cause the computer's "Security System" to not recognize an anti-virus; however, this doesn't mean an anti-virus program is not presently operating correctly in the system. I have uninstalled Service Pack 2, but the "Warning" message in the "Health Report" still continues to read "Not recognizing anti-virus."

Just to let you know, I uninstalled the "Service Pack 2" before running both the "HijackThis" and "Malwarebytes" programs.

Okay, I have finally completed the Malwarebytes scan as you directed me to, and it stated I had 1 infected item (Hijacker).

This was the first report I performed....

 

Malwarebytes' Anti-Malware 1.40
Database version: 2564
Windows 6.0.6001 Service Pack 1

8/5/2009 1:47:27 PM
mbam-log-2009-08-05 (13-47-27).txt

Scan type: Quick Scan
Objects scanned: 75392
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Last of Your Instructions:

This is the second and final report, as you instructed. The "HijackThis" log report follows....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:57 PM, on 8/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe
O23 - Service: lxdc_device -   - C:\Windows\system32\lxdccoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8885 bytes

 

If there is anything else I need to do, please just let me know and I will get on it. I appreciate your help. Also, thanks for directing me to the links I need (Tools) to try and get this matter resolved. Really man, thanks.

20.5K Posts

August 5th, 2009 18:00

If you check your Task Manager, perhaps you will be able to see if your AVG is running.

Open a command prompt:
Click start >run > type cmd and hit Enter
Into the command window type the following commands one at a time, hit Enter AFTER EACH LINE

sc delete AERTFilters
sc delete ALG
sc delete DFSR
sc delete ATIPOLAB
sc delete KeyIso
sc delete MSDTC
sc delete Netlogon
sc delete ProtectedStorage
sc delete RpcLocator
sc delete slsvc
sc delete SNMPTRAP
sc delete Spooler


Then reboot.


Please launch HijackThis and place a checkmark next to the following if they still exist:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)


Close all other windows and click "Fix Checked". Close HijackThis.
Reboot.
Please post a fresh HijackThis log. If everything looks good, we'll flush System Restore, and you'll be good to go.
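A cross-check of the two lists in the reply above, as an added example that is not part of the original thread: it parses the O23 service lines as they read in this log, extracts the short service name, and compares the entries marked "(file missing)" with the names given to `sc delete`. The function names (`parse_o23`, `cross_check`, `shared_paths`) are hypothetical; the log lines and service names are copied from the page.

```python
import re
from collections import defaultdict

# O23 lines copied from the reply above, plus two entries from the poster's log
# whose files are present (AVG8 WatchDog, stllssvr) for contrast.
LOG = r"""
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
"""

# Names from the "sc delete" list in the same reply.
SC_DELETE = ["AERTFilters", "ALG", "DFSR", "ATIPOLAB", "KeyIso", "MSDTC", "Netlogon",
             "ProtectedStorage", "RpcLocator", "slsvc", "SNMPTRAP", "Spooler"]

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# "Display name (ShortName)": the short name is the trailing parenthesised part.
NAME_RE = re.compile(r"^(?P<display>.*\S)\s+\((?P<key>[^()]+)\)$")


def parse_o23(line):
    """Split one O23 line into short name, owner, path and the file-missing flag."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    # Split from the right: the path and owner are the last two fields, and a
    # path such as "Program Files (x86)" must not be mistaken for a short name.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    m = NAME_RE.match(name)
    # When no "(ShortName)" is printed, the log shows a single name only.
    key = m.group("key") if m else name
    return {"key": key, "owner": owner, "path": path, "file_missing": missing}


def _entries(log_text):
    return [e for e in map(parse_o23, log_text.splitlines()) if e]


def cross_check(log_text, requested):
    """Compare names passed to 'sc delete' with the log's file-missing entries."""
    entries = _entries(log_text)
    known = {e["key"].lower() for e in entries}
    flagged = [e["key"] for e in entries if e["file_missing"]]
    flagged_lc = {k.lower() for k in flagged}
    requested_lc = {r.lower() for r in requested}   # service names are case-insensitive
    return {
        "not_in_log": [r for r in requested if r.lower() not in known],
        "flagged_not_requested": [k for k in flagged if k.lower() not in requested_lc],
        "requested_but_file_present": [r for r in requested
                                       if r.lower() in known and r.lower() not in flagged_lc],
    }


def shared_paths(log_text):
    """Group file-missing entries by image path; keep paths used by more than one service."""
    groups = defaultdict(list)
    for e in _entries(log_text):
        if e["file_missing"]:
            groups[e["path"].lower()].append(e["key"])
    return {p: keys for p, keys in groups.items() if len(keys) > 1}


if __name__ == "__main__":
    for label, names in cross_check(LOG, SC_DELETE).items():
        print(f"{label}: {names}")
    print("shared image paths:", shared_paths(LOG))
```

"(file missing)" is the scanner's own report, so confirm each path on disk (four of these entries point at the same lsass.exe) before treating a service entry as orphaned.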

29 Posts

August 6th, 2009 02:00

bugbatter,

I opened the cmd prompt as you instructed. Then I typed the items to delete one by one, pressing Enter in between each one. I didn't type an .exe on the end of each item; hope I wasn't supposed to.

To give you an example of how I typed each item...here follows: sc delete AERTFilters (ENTER), sc delete ALG (ENTER), etc. etc.


As I hit enter to go to the next line, the cmd prompt would respond by the words such as, "Failed".



After I typed all items I rebooted, then launched HijackThis. I did check all of the registry lines you sent me in your last reply. Once I checked all lines, I pressed "Fix Checked". Then, I closed out to reboot the PC.


Finally, I used HijackThis and ran a fresh scan. The results follow.....



Fresh Hijack This log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:19 AM, on 8/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe
O23 - Service: lxdc_device -   - C:\Windows\system32\lxdccoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8862 bytes


If I was supposed to add an .exe during the cmd prompt session, please let me know and I will redo the steps and repost.


Thanks a bunch

20.5K Posts

August 6th, 2009 08:00

No, you do not need to type the .exe. Were you logged in as Administrator? If not, do so and try that again.

29 Posts

August 6th, 2009 11:00

Yes, each time I visit my computer I log in as Administrator. I have the ability to do whatever I want, e.g. install, uninstall programs etc.

29 Posts

August 6th, 2009 11:00

Sorry to repost, but I thought it would be important to ask you now while we are on the topic of typing commands in cmd --to reduce any confusion.

 

[Two Different Questions, but just NEED one ANSWER]:

After I open cmd and type the commands you instructed, do I close out of the cmd window and then reboot?

OR

Do I reboot system while leaving the Cmd window open?

 

The reason I ask is because it seems to me closing out of cmd will erase changes I've made. Not unless the changes were made immediately after pressing the ENTER key.

Hope I haven't confused you, and if I did, sorry.

 

20.5K Posts

August 6th, 2009 11:00

You type one line. Hit Enter.

Type the next line. Hit Enter.

Type the next. Hit Enter.

Do this with each line. Do not close CMD until you have finished with the whole list.

Let me know how that goes.

29 Posts

August 6th, 2009 12:00

Yeah, that's exactly the way I did it....I'll show you, for example...

Below is the cmd window...

C:\users\Randy>sc delete AERTFilters

[sc] Openservice Failed 5:

Access is denied

C:\users\Randy>sc delete ALG

[sc] Openservice Failed 5:

Access denied

 

As I continued to type each command line as described above, I would get the same response for each (Failed, Access denied).

 

I will be more than happy to try again, but I thought I should show you how I was typing the commands in the cmd window first.

20.5K Posts

August 6th, 2009 17:00

See if the screenshots here help at the link below (You can check to see if they are listed in Services, but you will probably not have to Stop any services because according to your log, there are no files running. We are just trying to get these listings out of the registry.)

http://www.vistax64.com/tutorials/183507-services-delete.html

Names of the services:

AERTFilters
ALG
DFSR
ATIPOLAB
KeyIso
MSDTC
Netlogon
ProtectedStorage
RpcLocator
slsvc
SNMPTRAP
Spooler
