Think I'm suffering from Virtumonde, need some help
yeahnodoubt
2008-07-12, 10:09
Hi guys. Got a nasty case of what I think is the Virtumonde blues. This thing will not go away. I've tried Spy Sweeper, VundoFix, VirtumundoBeGone, Spyware Doctor and SpyBot S&D... all with no luck. It removes the thing for a while, everything seems fine, then it just comes back and my browser will redirect me automatically to unauthorized search pages when I'm using Google. Sometimes the Spyware programs I have won't detect Virtumonde but there's still something wacky going on with redirecting in my Internet Explorer browser. I also have Firefox and it seems to work fine and is unaffected by the malware on my computer. Please help me get rid of this thing once and for all, whatever it is.
I followed all the instructions in the "Before You Post" thread, did the S&D in Safe Mode and have repeated the process numerous times. I'm still having wackiness on my system. Any help is greatly appreciated. Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:19 AM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1205731256\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071221
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071221
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {D858F102-2B32-49D3-95F6-AD3FD8651A90} - C:\WINDOWS\system32\cbXqroll.dll (file missing)
O2 - BHO: (no name) - {FE7F7102-6004-4BAA-BD17-0D179D3A3FE5} - C:\Documents and Settings\The Got Damn Captain\Local Settings\Temporary Internet Files\Content.IE5\0SK3D5O7\3077ahntdksr[1].dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1205731256\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8632 bytes
yeahnodoubt
2008-07-12, 22:10
Also, do I need to do anything with ComboFix? I won't mess with anything else until I hear back, don't want to screw up my computer any further. Thanks guys.
pskelley
2008-07-16, 02:54
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
You might want to read the directions again; it appears you missed this one.
Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count. The same applies to bumping, please don't.
I'm not seeing active malware in the HJT log but Vundo is often hidden, so let's have combofix take a look.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
Remove any old copies of combofix before you proceed.
Thanks to sUBs and anyone else who helped with this fix.
It is important that it is saved directly to your Desktop.
Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Post the combofix log and a new HJT log.
Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Thanks
yeahnodoubt
2008-07-16, 08:10
Hello Pskelly, thanks so much for your help. My apologies on bumping the post.
Here is the ComboFix log:
--------------------------
ComboFix 08-07-14.2 - The Got Damn Captain 2008-07-16 0:55:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1734 [GMT-4:00]
Running from: C:\Documents and Settings\The Got Damn Captain\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\llorqXbc.ini
C:\WINDOWS\system32\llorqXbc.ini2
C:\WINDOWS\system32\x64
C:\WINDOWS\system32\xbygddbv.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.
2008-07-13 17:15 . 2008-07-13 17:15 <DIR> d-------- C:\Deckard
2008-07-11 23:46 . 2008-07-11 23:46 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-11 23:41 . 2008-07-11 23:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-11 23:41 . 2008-07-11 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 22:59 . 2008-07-11 23:23 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-11 22:59 . 2008-07-11 22:59 <DIR> d-------- C:\Documents and Settings\The Got Damn Captain\Application Data\PC Tools
2008-07-11 22:59 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-11 22:59 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-11 22:59 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-11 22:59 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-11 22:47 . 2008-07-11 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-11 22:23 . 2008-07-11 22:29 <DIR> d-------- C:\VundoFix Backups
2008-07-11 15:37 . 2008-07-11 15:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-11 15:37 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-11 15:37 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-11 15:37 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-11 15:37 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-11 15:36 . 2008-07-11 15:36 <DIR> d-------- C:\Program Files\Webroot
2008-07-11 15:36 . 2008-07-11 15:36 <DIR> d-------- C:\Documents and Settings\The Got Damn Captain\Application Data\Webroot
2008-07-11 15:36 . 2008-07-11 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-11 15:36 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-11 15:36 . 2008-07-11 15:36 164 --a------ C:\install.dat
2008-07-11 15:06 . 2008-07-11 15:06 74 --a------ C:\WINDOWS\st_affiliate.ini
2008-07-11 14:30 . 2008-07-11 15:29 110,464 --a------ C:\WINDOWS\BMf38a4f26.xml
2008-07-09 20:19 . 2008-07-09 20:19 105,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-07-09 20:19 . 2008-07-09 20:19 103,936 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-07-09 20:08 . 2008-07-09 20:08 <DIR> d-------- C:\Documents and Settings\The Got Damn Captain\Application Data\Sonic
2008-07-09 20:08 . 2008-07-09 20:08 <DIR> d-------- C:\Documents and Settings\The Got Damn Captain\Application Data\Leadertech
2008-06-28 18:52 . 2008-06-28 18:52 <DIR> d-------- C:\Program Files\CoffeeCup Software
2008-06-28 18:52 . 2008-06-28 18:52 13 --a------ C:\WINDOWS\system32\WinUserI32.crc
2008-06-26 02:44 . 2008-06-26 02:52 <DIR> d-------- C:\Program Files\Easy Adder
2008-06-26 02:44 . 2008-07-13 16:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 18:56 . 2008-06-24 18:58 <DIR> d-------- C:\FONTS
2008-06-23 14:35 . 2008-06-26 02:51 <DIR> d-------- C:\Program Files\FriendBlasterPro
2008-06-23 14:35 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-20 13:41 . 2008-06-20 13:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-18 21:36 . 2008-06-23 15:06 754 --a------ C:\WINDOWS\WORDPAD.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 03:21 --------- d-----w C:\Program Files\Trend Micro
2008-07-10 00:18 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-07-10 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-09 23:59 --------- d-----w C:\Program Files\Roxio
2008-07-08 01:59 --------- d-----w C:\Program Files\ACID
2008-07-01 01:54 --------- d-----w C:\Program Files\Sound Forge
2008-07-01 01:52 --------- d-----w C:\Program Files\Cool Edit Pro
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 18:12 --------- d-----w C:\Documents and Settings\The Got Damn Captain\Application Data\Digidesign
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 15:51 61,224 ----a-w C:\Documents and Settings\The Got Damn Captain\GoToAssistDownloadHelper.exe
2008-06-11 14:44 --------- d-----w C:\Program Files\Citrix
2008-06-11 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix
2008-05-23 01:14 --------- d-----w C:\Program Files\PhotoDeluxe 2.0
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-21 06:56 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-04-21 06:56 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-04-21 06:56 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-04-21 06:56 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-04-21 06:56 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-05 09:00 0 ----a-w C:\Documents and Settings\The Got Damn Captain\Application Data\wklnhst.dat
2008-01-10 03:51 133 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.EXE" [2008-03-06 06:12 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-07-16 21:45 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-07-16 21:45 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-07-16 21:45 138008]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 19:23 118784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 01:35 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-17 19:42 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HostManager"="C:\Program Files\Common Files\AOL\1205731256\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"PMX Daemon"="ICO.EXE" [2006-11-08 17:01 49152 C:\WINDOWS\system32\ico.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 21:48 16132608 C:\WINDOWS\RTHDCPL.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-21 14:17:08 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-11 10:44 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave3"= Digi32.dll
"midi2"= mbx2midu.dll
"MIDI3"= diomidi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 11:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 13:22 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1205731256\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 23:50]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 03:16]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2007-06-01 15:41]
R3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2007-05-24 18:56]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 03:15]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []
S3 MBX2DFU;MBX2DFU;C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys [2007-10-31 03:16]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2007-10-31 03:16]
.
- - - - ORPHANS REMOVED - - - -
BHO-{D858F102-2B32-49D3-95F6-AD3FD8651A90} - C:\WINDOWS\system32\cbXqroll.dll
BHO-{FE7F7102-6004-4BAA-BD17-0D179D3A3FE5} - C:\Documents and Settings\The Got Damn Captain\Local Settings\Temporary Internet Files\Content.IE5\0SK3D5O7\3077ahntdksr[1].dll
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
HKCU-Run-Aim6 - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 00:59:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\pmxmiced.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AOL 9.1\waol.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-07-16 1:02:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 05:02:40
Pre-Run: 244,584,960,000 bytes free
Post-Run: 244,682,371,072 bytes free
192 --- E O F --- 2008-07-10 17:54:39
And here is a new HJT log:
----------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:08 AM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1205731256\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071221
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1205731256\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 7667 bytes
pskelley
2008-07-16, 15:39
Thanks for returning your information, follow the directions carefully.
Optional but suggested:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
For your information, Viewpoint is installed by AOL, probably without your knowledge. I suggest you uninstall this resource waster in Add/Remove Programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
Run Clean Manager
http://spyware-free.us/tutorials/cleanmgr/
Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file in your next reply.
Tell me how the computer is running now.
Thanks
yeahnodoubt
2008-07-16, 21:31
Ok, removed Viewpoint and also ran Clean Manager and the Malware Bytes program. Looks like it found Vundo and removed it - just hope it doesn't come back just like my experience with the other spyware programs.
Here's the log:
Malwarebytes' Anti-Malware 1.20
Database version: 960
Windows 5.1.2600 Service Pack 2
2:22:00 PM 7/16/2008
mbam-log-7-16-2008 (14-22-00).txt
Scan type: Full Scan (C:\|)
Objects scanned: 101831
Time elapsed: 26 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP173\A0016079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0016140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP176\A0018186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\jyhppjkv.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\unagiuninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf38a4f26.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf38a4f26.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
pskelley
2008-07-16, 22:57
Thanks for returning your information, did you restart after you removed Viewpoint? While removal is optional, it is still in the HJT log you posted last.
Let's do this:
1) Why am I not seeing an antivirus program running on this computer? Spysweeper is NOT an antivirus program. Here are three free programs if you need one, install only one:
http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
http://www.avast.com/eng/avast_4_home.html
http://www.free-av.com/
2) C:\Program Files\Java\jre1.5.0_06\ <<< update your Java program, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
3) C:\VundoFix Backups <<< delete that folder and contents
4) Clean infected System Restore files:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
We have more to do, I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Once you have an antivirus program installed, update and run a system scan. Once this is done, post a new HJT log so I can see the installed program and I will continue.
Thanks
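Added example (not part of the thread, and not code from Malwarebytes or either poster): a Python sketch that parses the Malwarebytes log format posted above and groups each detection by where it was found, which is what steps 3 and 4 act on: copies held in System Restore points and in the VundoFix backup folder, as opposed to files in live locations. The category names and function names are assumptions of this example; the log text is copied from the post above.

```python
import re
from collections import Counter

# Log text copied from the Malwarebytes' Anti-Malware 1.20 log posted in this thread.
MBAM_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP173\A0016079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0016140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP176\A0018186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\jyhppjkv.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\unagiuninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf38a4f26.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf38a4f26.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "Files Infected: 7" is a summary count; "Files Infected:" opens a detail section.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Detail entry: "<item> (<detection>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary counts per section, list of detection entries)."""
    summary, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY_RE.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            entries.append({"section": section, "item": m["item"],
                            "detection": m["detection"], "action": m["action"]})
    return summary, entries


def classify(item):
    """Assumed categories: where the detected object lived on the system."""
    lower = item.lower()
    if lower.startswith("hkey_"):
        return "registry"
    if "\\system volume information\\_restore{" in lower:
        return "restore_point"   # copy kept by System Restore (step 4)
    if "\\vundofix backups\\" in lower:
        return "tool_backup"     # copy kept by an earlier removal tool (step 3)
    return "live"                # object in a normal, in-use location


def triage(text):
    """Group detections by location and flag summary/detail count mismatches."""
    summary, entries = parse_mbam_log(text)
    parsed = Counter(e["section"] for e in entries)
    mismatches = {s: (n, parsed.get(s, 0))
                  for s, n in summary.items() if parsed.get(s, 0) != n}
    by_location = {}
    for e in entries:
        by_location.setdefault(classify(e["item"]), []).append(e)
    return by_location, mismatches


if __name__ == "__main__":
    groups, mismatches = triage(MBAM_LOG)
    for location, items in sorted(groups.items()):
        print(f"{location}: {len(items)}")
        for e in items:
            print(f"  {e['detection']:<14} {e['item']}")
    print("count mismatches:", mismatches or "none")
```

On this log, four of the seven file detections are stored copies (three restore-point files and one VundoFix backup), which is why the reply asks for the backup folder to be deleted and System Restore to be cycled.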
yeahnodoubt
2008-07-17, 00:28
Thanks for your continued help. No, I hadn't rebooted after I removed Viewpoint at that time. When I did, however, AOL kept trying to re-install it upon startup. It would pop up every time I rebooted, so I checked the box in the window that said never to install or ask about that software again.
Downloaded and installed AVG
Uninstalled old JRE and installed the latest version from the link you provided.
Deleted Vundo Fix Backups folder
Did the System Restore ON/OFF cleanup
Ran AVG and the scan found some infections and removed them. Here is the log from AVG:
"Scan ""Scan whole computer"" was finished."
"Infections found:";"5"
"Infected objects removed or healed:";"5"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"195"
"Information count:";"0"
"Scan started:";"Wednesday, July 16, 2008, 4:37:53 PM"
"Scan finished:";"Wednesday, July 16, 2008, 4:55:44 PM (17 minute(s) 51 second(s))"
"Total object scanned:";"477912"
"User who launched the scan:";"The Got Damn Captain"
"Infections"
"File";"Infection";"Result"
"C:\Documents and Settings\The Got Damn Captain\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-30d5aac8-1f9a8558.class";"Trojan horse Generic_c.IKY";"Moved to Virus Vault"
"C:\Documents and Settings\The Got Damn Captain\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-31829bd4.zip";"Virus identified Java/ByteVerify";"Moved to Virus Vault"
"C:\Documents and Settings\The Got Damn Captain\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-31829bd4.zip:\Installer.class";"Virus identified Java/ByteVerify";"Moved to Virus Vault"
"C:\Documents and Settings\The Got Damn Captain\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-31829bd4.zip:\MagicApplet.class";"Virus identified Java/ByteVerify";"Moved to Virus Vault"
"C:\Documents and Settings\The Got Damn Captain\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-31829bd4.zip:\OwnClassLoader.class";"Virus identified Java/ByteVerify";"Moved to Virus Vault"
"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\The Got Damn Captain\Application Data\Mozilla\Firefox\Profiles\axqlzr00.default\cookies.txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@2o7[1].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@2o7[1].txt:\2o7.net.1aa86b19";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@2o7[1].txt:\2o7.net.2e1f9920";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@2o7[1].txt:\2o7.net.35a30809";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@2o7[1].txt:\2o7.net.484dbb69";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@ad.yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@ad.yieldmanager[1].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adbrite[1].txt";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adbrite[1].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adbrite[1].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adbrite[1].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adbrite[1].txt:\adbrite.com.e3b6fcdd";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adengage[1].txt";"Found Tracking cookie.Adengage";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adengage[1].txt:\adengage.com.411a57fb";"Found Tracking cookie.Adengage";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adengage[1].txt:\adengage.com.6b2a3f1";"Found Tracking cookie.Adengage";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adengage[1].txt:\adengage.com.90cfe1c9";"Found Tracking cookie.Adengage";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adopt.euroclick[2].txt";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adopt.euroclick[2].txt:\adopt.euroclick.com.17044b51";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adopt.euroclick[2].txt:\adopt.euroclick.com.6d7740f7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adopt.euroclick[2].txt:\adopt.euroclick.com.891542da";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adopt.euroclick[2].txt:\adopt.euroclick.com.8b1bd7bc";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adopt.euroclick[2].txt:\adopt.euroclick.com.fb764ef7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@adopt.euroclick[2].txt:\adopt.euroclick.com.ffe11db7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@advertising[2].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@advertising[2].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@advertising[2].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@advertising[2].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@advertising[2].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@advertising[2].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@fastclick[1].txt";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@fastclick[1].txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@fastclick[1].txt:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@fastclick[1].txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@fastclick[1].txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@realmedia[2].txt";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@realmedia[2].txt:\realmedia.com.68087763";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@realmedia[2].txt:\realmedia.com.ef906bac";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@revsci[1].txt";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@revsci[1].txt:\revsci.net.3f4566dd";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@revsci[1].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@revsci[1].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@revsci[1].txt:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@revsci[1].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@revsci[1].txt:\revsci.net.f5f26334";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@tacoda[1].txt";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@tacoda[1].txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@tacoda[1].txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@tacoda[1].txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@tacoda[1].txt:\tacoda.net.cd7ce44f";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@tacoda[1].txt:\tacoda.net.d323296e";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@tacoda[1].txt:\tacoda.net.e9f57f8";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@tacoda[1].txt:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@trafficmp[2].txt";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@trafficmp[2].txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@trafficmp[2].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@trafficmp[2].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@trafficmp[2].txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\The Got Damn Captain\Cookies\the_got_damn_captain@trafficmp[2].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
yeahnodoubt
2008-07-17, 00:29
And here is a new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:07 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1205731256\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071221
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1205731256\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8207 bytes
pskelley
2008-07-17, 00:42
Thanks, I run AVG 8 myself, it is a good freeware program.
I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional, but if you do not have the CDs needed, as is explained, it can be installed before we remove combofix.
If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.
Since we do not need to scan with combofix, click NO
http://img.photobucket.com/albums/v666/sUBs/RC_whatnext.gif
http://img.photobucket.com/albums/v666/sUBs/RC_AllDone.gif
Thanks
yeahnodoubt
2008-07-17, 08:17
Hi, Pskelley...
I have just followed your instructions and it seems I have installed the Recovery Console successfully.
Here is the CF-RC log:
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
I have not rebooted yet, so until I hear from you, I'll leave my system running; it will go into power save mode so it shouldn't be a problem. Thanks again for your assistance in repairing and optimizing my system.
pskelley
2008-07-17, 15:36
Recovery Console was installed correctly, hope you never have the kind of problem that causes you to need it, but it is there if you do. Some information:
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/307654
I want to be sure you removed the junk AVG found? AVG places it in the Vault (quarantine) in case of any issues with anything it removed; it can be restored from there.
If you are no longer having malware problems, then let's do this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
yeahnodoubt
2008-07-17, 21:51
Thanks for the Recovery Console information. I ran another scan with AVG, everything was clean. I emptied the junk out of the vault in AVG as well. It was the two infected Sun Java files. Also uninstalled ComboFix just as you instructed. Looks like my system is clean right now and problem-free. Thanks so much Pskelley for your help - don't know what I would've done without it! Have a great weekend.