I Have A Trojan Horse Vb.cec And Possible Worm(vb.so)

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

I Have A Trojan Horse Vb.cec And Possible Worm(vb.so) AVG said that everything is healed but I am not so sure

#1 aljobes

Member

Group: Members
Posts: 28
Joined: 16-December 07

Posted 12 January 2008 - 04:16 PM

My browser(firefox) was freezing and now will not open. When I ran AVG anti-virus it came up that I have more then one infected file, infected with Trojan Horse VB.CEC. The infected files curiously enough were Smitfraud Fix, which I installed a month or so ago when I was experiencing a problem.....Anyways here is my log, thanks in advance!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:50 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {D17CFF74-A19C-4C36-821A-E074E4F889CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9087 bytes
:thumbsup:

This post has been edited by aljobes: 12 January 2008 - 04:17 PM

#2 ourwilly

Distinguished Member

Group: Members
Posts: 921
Joined: 06-January 05
Gender:Male

Posted 13 January 2008 - 11:29 AM

Hello aljobes

Copy and Paste this 'Fix' into either Notepad or Wordpad for future reference as you will be required to closed down you browser when following these steps.

1. First please delete SmitfraudFix from your system. Then I would like you to disable all your Real-time when doing this or any fix on your system,

To Disable Tea-Timer
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose Yes at the Warning prompt.
Expand the Tools menu.
Click Resident.
Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
In the File menu click Exit to exit Spybot Search & Destroy

To Disable SpywareGuard's
Right click the Spywareguard system tray icon to open the program.
Click on "Options" and uncheck all the three boxes before clicking Save Settings.
Then click on Menu | File | Exit and confirm you wish to close the program.

2. Open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D17CFF74-A19C-4C36-821A-E074E4F889CA} - (no file)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

Close any Explorer windows which may be open and click the "Fix Checked" button, then exit HijackThis.

3. Check for any SUPERAntiSpyware updates then Please Reboot your System into Safe Mode
Shut down your system, then Restart your computer as soon as it starts booting up again continuously tap F8. from the menu select the option to enter Safe Mode

Open SUPERAntiSpyware and click the "Scan your computer" button.

On the left, select "C:\Fixed Drive".
On the right, under "Complete Scan", choose "Perform Complete Scan".
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click "OK".
Make sure everything in the white box has a check next to it, then click "Next".
After quarantining anything found, you may be prompted to reboot, click "Yes".

Reboot back into Normal Mode.

Rescan with HijackThis and post the new log and the SUPERAntiSpyware Log and may I ask if you are using any Norton/Symantec products on your system...

Thank you.

#3 aljobes

Member

Group: Members
Posts: 28
Joined: 16-December 07

Posted 13 January 2008 - 03:30 PM

My computer came with a trial version of Norton/Symantec which I never installed, I deleted it about a month ago....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:50 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8067 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/13/2008 at 03:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3379
Trace Rules Database Version: 1373

Scan type : Complete Scan
Total Scan Time : 02:10:02

Memory items scanned : 171
Memory threats detected : 0
Registry items scanned : 7799
Registry threats detected : 0
File items scanned : 58734
File threats detected : 0

This post has been edited by aljobes: 13 January 2008 - 03:31 PM

#4 ourwilly

Distinguished Member

Group: Members
Posts: 921
Joined: 06-January 05
Gender:Male

Posted 13 January 2008 - 04:42 PM

Hello aljobes

Copy and Paste this 'Fix' into either Notepad or Wordpad for future reference as you will be required to closed down you browser when following these steps.

1. Click on: Start > Run and type in: services.msc Click "OK"

In the Services window look for Symantec Core LC

Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click "Apply" then "OK"

2. Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Now that you have removed "Smitfraud Fix"

Can you now update and run the AVG anti-virus, please note anything quarantined by the AVG software Please Do Not Purge it is safely held there and no longer a threat

Post a new HijackThis log, any information on the AVG scan and let me know how your system is running.

Thank you. :thumbsup:

#5 aljobes

Member

Group: Members
Posts: 28
Joined: 16-December 07

Posted 13 January 2008 - 10:55 PM

There are three Trojan horse vb.cec infected files and a worm vb.so infected file in the virus vault. The AVG scan came back clean and everything seems to be running normally again....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:06 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8104 bytes

#6 ourwilly

Distinguished Member

Group: Members
Posts: 921
Joined: 06-January 05
Gender:Male

Posted 14 January 2008 - 02:07 AM

Hello aljobes

Can you do this for me next please.. :thumbsup:

Copy and Paste this post into a new text document or print it for reference

Please now use Internet Explorer and run this online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:

Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan: Select My Computer

This will program will start and scan your system, This will take a while so be patient and let it run.

When the scan has completed, click Save Report As a Text File.
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste that information in your next post along with a new HijackThis log.

Thank you

#7 aljobes

Member

Group: Members
Posts: 28
Joined: 16-December 07

Posted 14 January 2008 - 09:07 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:31 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8182 bytes

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 14, 2008 9:04:42 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/01/2008
Kaspersky Anti-Virus database records: 511465
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 198561
Number of viruses found: 2
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 02:24:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\blueeyedangel459\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\redrose18964\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\shadesofgray495\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\shadesofgray687\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\MSHist012008011420080115\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\Perflib_Perfdata_a48.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\~DFC0DF.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\~DFE183.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0019052.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0019052.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0019052.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0019060.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP26\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\ASHLEY.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\ZLT01cf8.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT01cfb.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\I386\APPS\APP02359\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP02359\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP02359\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP02359\src\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
D:\I386\APPS\APP02359\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP02359\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP02359\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP02359\src\HPPavillion_Spring06.exe WiseSFXDropper: infected - 2 skipped

Scan process completed.

#8 aljobes

Member

Group: Members
Posts: 28
Joined: 16-December 07

Posted 15 January 2008 - 11:23 PM

FYI, I will be out of state January 16-18th so my reply may be delayed. Sorry about that, thank you for all your help so far.

#9 ourwilly

Distinguished Member

Group: Members
Posts: 921
Joined: 06-January 05
Gender:Male

Posted 16 January 2008 - 03:46 AM

Hello aljobes

Quote

I will be out of state January 16-18th

Thank you for this information.

Download AVG Anti-Spyware v7.5 and save it to your Desktop <- (Important! Vista Users should install from that same location).
(This is Ewido 4.0 renamed and updated with a special "clean driver" for removing persistent malware.)

After download, double click on the file to launch the install process.
Choose a language, click "OK" and then click "Next".
Read the "License Agreement" and click "I Agree".
Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:

Click on the "Scanner" button and choose the "Settings" tab.
Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
Under "How to Scan?", "Possibly unwanted software", and What to Scan?" leave all the default settings.
Under "Reports" select "Do not automatically generate reports".
Click the "Scan" tab to return to scanning options.
Click "Complete System Scan" to start.
When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the :Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

Click on "Save Report" to view all completed scans. Click on the most recent scan you performed, select "Save report as" and save to your desktop. The default file name will be in date/time format: Report-Scan-200706-1606. A copy of each report will be saved in C:\Documents and Settings\<user profile>\Application Data\Grisoft\AVG Antispyware 7.5\Reports.
If you installed AVG AS over a previous version, reports are saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
If you are a Vista user, reports are saved in C:\Users\<username>\AppData\Roaming\Grisoft\AVG Antispyware 7.5\Reports\

Exit AVG Anti-Spyware when done, reboot normally and post the AVg log report and a new HijackThis log and let me know how your system is running now.

Thank you

#10 aljobes

Member

Group: Members
Posts: 28
Joined: 16-December 07

Posted 19 January 2008 - 07:53 PM

My computer seems to be running normally.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:13 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8158 bytes

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:45:48 PM 1/19/2008

+ Scan result:

C:\Program Files\music_now\inetchk.exe -> Hijacker.Small : Cleaned.
:mozilla.126:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.130:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.156:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.157:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.158:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.285:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.286:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.287:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.363:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.364:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.365:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.83:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.141:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.142:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.143:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.144:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.145:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.146:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.118:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.119:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.120:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.121:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.122:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.122:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.123:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.125:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.126:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.127:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.128:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.416:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.417:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.418:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.419:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.262:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.349:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.67:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.35:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.38:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.45:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.108:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.110:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.41:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.458:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.519:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.594:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.36:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.159:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.160:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.163:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.165:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.148:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.149:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.474:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.475:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.476:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.533:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.606:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.381:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Idot : Cleaned.
:mozilla.454:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Idot : Cleaned.
:mozilla.530:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Idot : Cleaned.
:mozilla.113:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.124:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.259:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.347:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.424:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.62:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.63:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.469:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.470:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.471:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.528:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.529:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.530:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.601:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.602:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.603:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.152:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.153:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.154:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.133:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.134:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.135:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.136:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.137:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.139:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.140:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.49:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.50:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.52:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.53:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.54:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.55:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.56:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.57:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.167:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.168:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.169:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.170:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.172:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.173:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.174:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.175:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.176:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.177:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.179:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.180:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.181:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.182:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.183:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.370:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.443:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.477:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.478:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.479:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.480:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.506:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.519:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.150:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.34:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.37:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.38:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.39:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.40:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.41:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.41:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.42:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.43:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.44:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.44:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.45:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.46:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.47:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.48:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.27:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.18:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.158:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.161:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.162:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.164:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.166:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\cookies-3.txt -> TrackingCookie.Zedo : Cleaned.

::Report end

#11 ourwilly

Distinguished Member

Group: Members
Posts: 921
Joined: 06-January 05
Gender:Male

Posted 20 January 2008 - 01:14 AM

Hello aljobes

As everything is running fine now, Please "Disable" and then "Re-Enable" System Restore.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

I recommend you Bookmark these Tutorials for future reference:

So how did I get infected in the first place?
Simple and easy ways to keep your computer safe and secure on the Internet

Thank you.