Strange Taskbar and Volume Problems

[shadowbladaru]

Hi Everyone,

This is my first post here, so please excuse my computer un-savvyness. Just recently, my computer started acting strange. Here are the symptoms:

1. about 30 seconds after I log in and see my desktop, I notice that there seems to be an extra transparent box layered on top of the quick launch area and it stands out because it overlaps the little round icon to expand the quick launch area.

2. When I click on my volume control, it will give me the error "there are no active mixer devices available" and I notice that some of my sound is disabled.

3. I notice that after the "strange transparent layer" appears, my taskbar/start menu will turn retro looking...like win95ish. And some of my windows and IE windows will have that win95 look even though I have WinXP and it should be green and blue...not grey and squarish looking.

4. I checked my network connections, and noticed that packets sent is about 3-4 times the number of packets recieved. (dunno if this is normal)

All this is very suspicious to me. My first thought is some virus, trojan, or malware program is installed so that someone can remotely control my computer like through terminal server or something. I've tried virus scans and the only thing I found was this thing called "Exploit_ANIfile" that got quarantined by mcafee. Still, the problem persists.


Shad

 

[Byteman]

Hi, Easiest way to rule out any virus, ad or spyware would be to check your Hijackthis log, then scan online, if nothing is found you can be fairly sure it is not caused by malware, though there are other things we can do. Will have you post a Hijackthis log first, then we can advise a scan or downloaded program to check with.

go to Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Double click on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  
• Put a check by Create a desktop icon then click Next again.
  
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
  
• Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
  
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

[bonk]

Howdy,

Can you check in Device Manager and look under display Adapters and see if you see any warning signs

 

[shadowbladaru]

Hi Byteman,

Here is the log, thanks for looking into this:
------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:30:53 PM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Okita Souji\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.lsac.org
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwca.ops.placeware.com/etc/place/CHAIR/VACpws-a2/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169351481468
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/Http/OIFActiveX/ofmctl.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

 

[shadowbladaru]

Howdy,

Can you check in Device Manager and look under display Adapters and see if you see any warning signs

Hi Bonk,

I checked under display Adapters and there were no warning signs.

 

[Byteman]

Hi, Nothing wrong in the log, you are using quite an outdated version of Java plugin> these old versions have been updated because they are vulnerable to malware, the Vundo trojan in particular, and lots of people posting in our Security forum can testify to what Vundo is and does.

Go to www.java.com

Hit the "Download Now" button, you can install it while online. It takes some time, and it may seem that it has stopped installing, please just wait it will finish!!

If you want to scan online to check further about malware:

HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Post the activescan.txt log's contents into a reply and we will look at it. Panda online scan disinfects virus, some trojans but does usually not clean up and ad or spyware, which is just about as bad these days as a virus...

 

[shadowbladaru]

Panda Activescan is still running, but so far its found 2 "hacking tools and rootkits". Does this pretty much spell game overs for me? (aka a fresh reinstall of windows?)

 

[Byteman]

No,it might not indicate a total destructive reinstall, but that has been known to result when fixing malware....

Let it finish and post the log.

We are aware of some malware that does require a reinstall, and we look for that in the logs.

When scanning it may make it take longer if you do very much
else.

 

[shadowbladaru]

Hi Byteman,

Here is the Panda activescan log:


Incident Status Location

Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/altnet Not disinfected c:\windows\temp\Altnet
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.bfast.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt[.go.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cammie\Cookies\[email protected][1].txt

 

[shadowbladaru]

here's the rest of it...

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.go.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.com.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.target.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.bfast.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Okita Souji\Application Data\Mozilla\Firefox\Profiles\tkpik8mu.default\cookies.txt[.xiti.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Okita Souji\Cookies\okita [email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Okita Souji\Local Settings\Temp\Cookies\okita [email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Okita Souji\Local Settings\Temp\Cookies\okita [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Saito Hajime\Cookies\saito [email protected][1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Saito Hajime\Cookies\saito [email protected][1].txt

 

[Byteman]

Hi, You still need to update the Java plugin software, look back in one of my replies for how to do that.

ATTN: You will need to have these steps as part of the work will be done in Safe Mode- where the
Internet and these posts are not availble to you! Copy and Paste these directions into a Notepad text file
save it as steps.txt or whatever you like, to your desktop, or print them out.

DownloadATFCleanerby Atribune & save it to your desktop.

DO NOT use it yet. We will use it in Safe Mode, later

Next:

1. 
   
   Download AVG Anti-Spyware from HERE and save that file to your desktop.
   
   When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner
2. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
3. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
4. On the main screen select the icon "Update" then select the "Update now" link.

• Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

• Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  
• Note: If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
  Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.
  
  Scan settings for AVG Anti-Spyware , note that you will not be scanning in Normal mode, the steps are here so you can see the buttons etc easily!:
  
  1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.

• Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
• Under "How to Scan?" check all (default).
• Under "Possibly unwanted software" check all (default).
• Under "What to Scan?" make sure "Scan every file" is selected (default).
• Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. If you were scanning now you would Click "Complete System Scan"
4. If scanning now you'd be presented with a list of infected objects found. You'd Click "Apply all actions" to place the files in Quarantine. Do Not run a scan just yet, we will run it in safe mode.

1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

First, we will run ATFCleaner to empty the temp files so scanning is easier:

As you probably know, deleting Cookies can result in you having to type in your username and passwords at ALL sites that use logins, like this site does, so if you willy nilly delete cookies, which is safe enough to do, you will have to re-establish these cookies and login the first time you visit any site like that.

ATF Cleaner has a way to save those cookies you would like to keep but it will require some time. If you DO KNOW or have saved all your Passwords and login usernames you can delete all cookies.


Next, start up ATFCleaner:

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  Click Exit on the Main menu to close the program.

Next run AVG Antispyware:

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

• 1. Click "Complete System Scan" to start.
• 2. When the scan has finished you will be presented with a list of infected objects found.
• 3.Click "Apply all actions" to place the files in Quarantine.
  
  
  IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button!
  
• 4. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
• 5 Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

 

[shadowbladaru]

Hi Byteman,

I installed the java update before i scanned with panda so it should be all set. I followed your directions above and got the following result:
(It only seemed to detect spyware and adware but not the "rootkits and hacker tools" found by panda)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:50:41 PM 1/26/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned.
:mozilla.290:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.291:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.65:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.377:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.132:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.133:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.134:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.135:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.138:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.139:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.149:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.59:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.63:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.64:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.248:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.301:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.11:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.12:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.13:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.14:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.15:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.16:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.17:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.18:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.19:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.101:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.83:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.84:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.88:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.147:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.148:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.219:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.144:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.145:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.225:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.226:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.236:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.237:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.238:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.89:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.90:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.344:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.345:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.346:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.347:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.136:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.137:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.140:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.141:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.142:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.143:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.189:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.190:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.191:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.192:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.184:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.185:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.186:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.187:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.188:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.212:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.213:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.214:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.330:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.331:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.332:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.333:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.334:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.114:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.85:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.86:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.87:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.48:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.49:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.50:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.51:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.52:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.53:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.54:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.55:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.75:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.76:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.77:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.349:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.27:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.215:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.216:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.217:C:\Documents and Settings\Cammie\Application Data\Mozilla\Firefox\Profiles\3t7i23qw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

 

[shadowbladaru]

New things that happen now when I restart my computer:

1. Linksys Wireless Network Monitor window pops up saying: "Access violation at address 0040756D in module 'WMP54Gv4.exe' Read of address 00000368"
2. Error messsage pops up: "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."

 

[Byteman]

Hi, Are you meaning these two?

Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/altnet Not disinfected c:\windows\temp\Altnet


They are not rootkits or hacktools> was anything else not in your log found? I don't see any of that category?

 

[Byteman]

Hi, This thread below contains a lot of help for the error you are getting....

http://www.windowsbbs.com/showthread.php?t=56803

See if anything there will help you find the cause, I think it is that you are using a USB wireless gateway (modem, access point etc) and it has been affected, you may need to reinstall the drivers for it, look in the Device Manager for any yellow ! marks for anything to do with any USB devices or controllers....

Apply this patch it may help:

http://www.microsoft.com/downloads/...b6-03ff-4636-861a-46b3eac7a305&displaylang=en

You will also see it used on page 3 of that thread.

Did you mean the two items detected here as the "rootkit" etc?

Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/altnet Not disinfected c:\windows\temp\Altnet

Those are not, but was anything detected taht you did not post?

More help with those:

Add/Remove programs look for My WebSearch, or MyWay toolbar, and uninstall it if you do not like and use it.

Altnet is a little tougher to get rid of:

Go HERE and see if that will remove it...do NOT attempt the manual method!!!!