Hijack this logfile - help!

Time to get some free stuff.... but first, why not copy this into notepad?

I would like you to download CCleaner from http://www.majorgeeks.com/download4191.html and put it in a new folder.
Next go get Ewido 4.0 [free], install it alongside your other regular applications in Program Files, because you should keep it for scanning once a week or so - put an icon on your desktop.

So, Ewido:- start it; the main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Click on update tab and then Update Now. When it finishes click on scanner tab and then Settings:- How to act- click on recommended action and set Quarantine. For reports, set to generate after every scan and untick only if threats found. Finally down on the tray right click the Ewido icon and untick Start with windows, an then Exit it. Don't scan yet.

Ok, you're done with the net. Shut it down. Disconnect..... whatever...

Rclick your recycle bin and run CCleaner. [or go to its folder and dclick ccleaner.exe] You will lose a lot of handy stuff like histories etc... but there is a job to do...

Go into safe mode [Restart, key F8 immed after POST runs and select Safe Mode and Enter.... You'll get a dark desktop with icons etc...]

Start Ewido, do the full system scan. Click "Apply all actions" to place any infected files into Quarantine, and only then click on "Save Report" to view all completed scans; click on the scan you just performed and select "Save report."

Note: Close all open windows, programs, and DO NOT USE the computer while Ewido is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper Ewido's ability to clean properly and may result in reinfection.

And now, still in Safe Mode and with NOTHING else open, run Hijack This, check the items i list below and Fix them. [if they still exist]

NOTE - the first two you do not need as auto-starts. They just hog resources, and their functions will still remain for manual initiation.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

I'm not sure why this next one is on registry auto-load... have you had a bad crash lately?? Anyway, go ahead and fix it, cos your sys is obviously running now... :)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)

O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll

We may have some fun with the last one...

Done? then back to normal mode, run HT again and please post it.

I looked up Ewido, and it isn't available anymore, but I already had AVG and so I ran that, and of course CCleaner like you said. Here is my second hijack this log. I did have a big crash a few months ago...my husband's brother downloaded Limewire on my computer. I think I got it all off though...

Logfile of HijackThis v1.99.1
Scan saved at 1:35:16 PM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Sarah Hoffman\Desktop\index.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Verizon\Verizon Internet Security Suite\FBHR.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155586744875
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4871/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

oh, lord, i do apologise for not putting in the ewido link. it is still available, it's free if you wish; it was bought out by Grisoft. So you get it here:-
==== Get ewido and AVG free both via this link..

http://free.grisoft.com/doc/2/lng/us/tpl/v5

red.clientapps has a dubious reputation because of its advertising policies. Other cleaners suggest removing it, so unless you really wish to keep it, fix it in another HT passs.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

These two.. well, it's an online scan and if you intend to use it again you will have to dl the .exe files again cos they are missing, so fix these two also.

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Grab, Ewido. it is a good scan, it just needs manual updating, say once per week, just b4 you run a scan. Put an icon on your desktop and run it from there. Scan frequency depends on your surfing risks, i guess...
Do those things and you will be so clean your pc will squeak. Or maybe that will be the heads biting the disc surface.... :)

btw, limewire. Yep, it's peer to peer, and you never quite know your peers, do you? But if it's music you are downloading, the more copies available then prob the safer it is [no-one is going to keep a bad bit of code, are they, once they try to play it..?] and further, limewire has a preview function.... so once say 15% of your track is in, give it a test run by previewing it... if you hear a snatch of music, chances are it's okay.
Shared software? Give the file a GOOD Av scanning b4 you open it....
Never open anything with a double file extension like funnycloud.jpg.exe. It doesn't have to be .exe - there are lots of other executable script codings out there.

There is no need to download Ewido, AVG anti spyware is already installed which is what ewido AS has changed it's name to. It's the same (with a better scanner).

But it appears as if no antivirus is installed so you should download AVG antivirus form that link and run a full scan with that. Nothing else jumps out at me only that there is a lot of processes running which coulf be the reason your comp is running slow.

Try an online anti virus for a closer look

http://www.pandasoftware.com/products/ActiveScan.htm

Paste the results here if anything bad is found.

I do have my internet security suite from my internet provider, I run that from time to time and it never finds any viruses, I also ran some other free online virus scan (I don't remember which one) and it also found nothing. So, it seems my main problems is spyware, etc.

Panda online scan scans deeply and doesn't just detect viruses, it also detects spyware, adware, dialers, hacking tools.

Alright, I'll run that, probably before I go to bed tonight...it seems like it takes forever...

hey, thanks for that, colin mac.. i knew they would rebadge Ewido, just had not been back to the site to check cos my Ewido [from AVG] still receives updates. But if as you say AVG antispyware 7.5 has a better scanner [ the actual scanner, or just the GUI changes?] then i should change over...

Ok, I ran Panda...here is the report from that...

Incident Status Location
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.overture.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Sarah Hoffman\Application Data\Mozilla\Firefox\Profiles\yzft7442.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah [EMAIL="hoffman@2o7"]hoffman@2o7[/EMAIL][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah [EMAIL="hoffman@adrevolver"]hoffman@adrevolver[/EMAIL][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah [EMAIL="hoffman@adrevolver"]hoffman@adrevolver[/EMAIL][3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah hoffman@ads.addynamix[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah [EMAIL="hoffman@apmebf"]hoffman@apmebf[/EMAIL][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah [EMAIL="hoffman@atdmt"]hoffman@atdmt[/EMAIL][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah [EMAIL="hoffman@atwola"]hoffman@atwola[/EMAIL][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah hoffman@c5.zedo[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah [EMAIL="hoffman@cgi-bin"]hoffman@cgi-bin[/EMAIL][1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah hoffman@ct.360i[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah [EMAIL="hoffman@hitbox"]hoffman@hitbox[/EMAIL][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah [EMAIL="hoffman@overture"]hoffman@overture[/EMAIL][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah hoffman@perf.overture[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Sarah Hoffman\Cookies\sarah hoffman@www.burstbeacon[1].txt

bump

bump

Copy all of the text in the quote box to Notepad. Click File - Save as. For the name call it Fix.reg for the type save as All Files, save to the desktop.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

Double click on Fix.reg and allow it to merge with the registry.

There was nothning else found, only cookies.

Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button to clear all cookies.

* Open Firefox.
Click on Tools, then Options
Select the Privacy icon in the left-hand panel
Click on Cookies
Click on View Cookies
Click on the Remove All Cookies button

You should fine then.

thanks! I'll let you know if anything else comes up!