Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sluggish Computer


  • This topic is locked This topic is locked
8 replies to this topic

#1 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:08:12 AM

Posted 16 July 2007 - 08:08 AM

I have investigated all and am totally lost. I have cleaned, defragmented reinstalled and am at wit's end. FF is so slow...I have disabled the following in start ups :
NMBgMonitor
Ccleaner
GrooveMonitor
msmsgs
PCPoptimize
Launch ( Nokia Software)
Picasa MediaDEtector
Skype
Jusched
winampa
Yahoomessenger
Adobe Reader
BTTray ( Bluetooth)
Gigaset ( wireless adapter
Adobe Gamma
Folding at Home
OneNote
StardockObject


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:46, on 16-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Eigen\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1178102533796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1178102502265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - https://premiummail.lycos.nl/app/uploader/FileUploader.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab30149.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 12780 bytes

BC AdBot (Login to Remove)

 


m

#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:12 AM

Posted 30 July 2007 - 12:52 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please observe the following guidelines:During the cleaning process, if any other issues appear, please let us know.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 fozzie

fozzie

    aut viam inveniam aut faciam

  • Topic Starter

  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:08:12 AM

Posted 30 July 2007 - 01:41 PM

Obviously I am not posting at another forum, if my peers can not help me who can... Situation has not changed, still terribly slow especially Firefox
I have gone thru all the tweaking steps of Firefox

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:06, on 30-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1178102533796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1178102502265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - https://premiummail.lycos.nl/app/uploader/FileUploader.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab30149.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14065 bytes

Edited by fozzie, 30 July 2007 - 01:46 PM.


#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:12 AM

Posted 01 August 2007 - 07:27 PM

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 1

I noticed that your "Adobe Reader" is out of date.

You may want to download the latest version, Adobeģ Readerģ 8.

Step 2

Please download Spybot-S&D.
Please check this link, Using Spybot- Search and Destroy To Remove Spyware From Your Computer, for instructions on how to download, install and use Spybot-S&D. Run this program as soon as possible.

Step 3

Note: At this time, Ad-Aware 2007 Free, Ad-Aware 2007 Plus, and Ad-Adware 2007 Pro are not compatible with MS Vista.
Installation Instructions
  • Please download Ad-Aware 2007 Free to your desktop. The Ad-Aware 2007 Free installation file will be aaw2007.msi or aaw2007.exe.
  • Double-click the file and follow the on-screen instructions in the Installation Wizard to install.
  • When the Please Enter Your License Information screen appears, click Cancel and Ad-Aware 2007 Free will be installed.
  • When the Ad-Aware 2007 Has Been Successfully Installed Screen appears, click Finish to complete the installation and to launch Ad-Aware 2007 Free.
  • The Status screen will appear. You will see four sections.
    • System Protection Status section where you will see Real Time Protection with a check in the Off dialog box and Automatic Updates with a check in the On dialog box.
    • Update Status section
    • System Scan section
    • License Status section where you will see that the Type: will be Free Edition and License Expires in: Never.
  • In the list on the left of the screen, click Scan. You will be given a choice of Smart Scan, Full Scan, and Custom Scan. (Scheduler on the right of the screen is only available in Ad-Aware 2007 Plus and Ad-Aware Pro.)
  • In the list on the left of the screen, click Settings > Scanning tab. Use the default settings unless you see some changes that you want to make.
  • In the list on the left of the screen, click Status. In the System Scan section, click Scan Now.
  • When the scan finishes, the Critical Objects tab window appears.
  • Under Scan Results, you will see the list of Critical Objects that Ad-Aware 2007 Free found. You are given three choices, Add to ignore, Quarantine, Remove, and System Restore. You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If Critical Objects are found, select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
  • Click Remove.
  • If no Critical Objects are found, click the Privacy Objects tab.
  • If there are Privacy Objects listed, select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Select Add to ignore or Remove..
  • Click Remove.
  • If no Privacy Objects are found, click the Log File tab to see the statistics of the Ad-Aware 2007 Free scan.
  • Click Finish.
  • The next screen shows you the Scan Summary in the left panel and System Restore in the right panel.
    • You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If you choose to create a System Restore Point, click Set.
    • You may want to export the results Click Export and save the log on your computer .
    • Click Scan Again to repeat the scan.
  • You will be returned to the Status screen. Click on the X in the upper right corner to exit Ad-Aware 2007 Free.
Step 4

To help prevent further infection, please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
  • Please check this link, Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware for instructions on how to download, install, and use SpywareBlaster.
Step 5

Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.

Please download and install AVG Anti-Spyware (formerly Ewido).
  • Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security:
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active Internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon. and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • If you are having problems with the updater, you can use this link, AVG Anti-Spyware manual updates, to manually update AVG Anti-Spyware..
  • Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Scan With AVG Anti-Spyware. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process.
  • Close ALL open Windows / Programs / Folders. Reboot to Safe Mode (without networking support !) If you donít know how to boot in Safe Mode, here is a tutorial, How To Start Windows in Safe Mode.
  • Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All boxes should be checked.
      • Under Possibly unwanted software:
        • All boxes should be checked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • Reboot in Normal Mode.
Step 6

In Normal Mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Microô HouseCall
Windows Live Safety Center Free Online Scan
When you have completed the scans, if you get a report of files that canít be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please edit the log(s) and remove:
  • items listed as "Object is locked skipped"
  • items reported that are in an antivirus quarantine folder
Please post the edited list in your next reply.


Step 7

The ATF-Cleaner program is for XP and Windows 2000 only.
ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 8

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan Place checks next to the following entries (make sure not to miss any):

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab


These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.

NvCpl.dll,NvStartup initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

BluetoothAuthenticationAgent (Associated with BlueTooth software) process can be removed to free up resources without compromising system performance. Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

type32.exe (MS programmable keyboards) process can be removed to free up resources without compromising system performance. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

point32.exe (Microsoft Intellipoint Intellimouse) process can be removed to free up resources without compromising system performance. This is the Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

nwiz.exe is a part of NVidia's Nview features installable alongside its graphics hardware products. This application will give the user access to additional features which allow the configuration of up to 32 monitors on a host or to expand the desktop across many monitors. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

You have NvMcTray.dll,NvTaskbarInit running at Startup. This is a System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

nerocheck.exe is a process associated with the Nero CD writing or Nero CD/DVD software. It is used to install or control the Nero driver nerocd2k.sys application. This process should not be removed while using the Nero CD Writing software. This program constantly checks for known drivers that can conflict with our Nero/Nero Express/NeroVision Express software. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

yahoomessenger.exe (YAHOOM~1.EXE) (Yahoo! Messenger process can be removed to free up resources without compromising system performance. yahoomessenger.exe is the executable for Yahoo! Messenger, a free instant messenging software from Yahoo! Inc.. It allows you to send and receive messages from online contacts. Other features include LAUNCHcast radio, Yahoo! Weather and Yahoo! Games. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

msmsgs.exe (MSN Messenger Internet chat tool) is the main process relating to the MSN Messenger Internet chat tool installed by default on most Windows computers. The Windows Messenger from Microsoft provides Online Chat and Instant Messaging. If you don't use Windows Messenger, you can
  • Rename the "Messenger" folder.
  • Uninstall, Stop, Disable or Remove "Windows Messenger".
A tray bar is also installed alongside this process for easy access to its features which include Internet chat, file sharing and audio/video conferencing. This is a non-essential process. Disabling or enabling it is down to user preference. process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

hpoddt01.exe (HP Photo and Imaging Director) process can be removed to free up resources without compromising system performance. Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started. This is a valid program but it is not required to run on startup as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - Global Startup: hpoddt01.exe.lnk = ?

IDriverT.exe (InstallDriver Table Manager) process can be removed to free up resources without compromising system performance. idrivert.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software. This program is not required to start automatically as you can start it manually if you need it. To change to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for the service identified in the 023 line of HijackThis and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Nero Scout

These files belong to Nero Scout.
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

Nero Scout is a media indexer. It constantly runs in the background, looking for new media files, i.e. MP3s, videos, and photos. When it finds such a file, it adds it to its own internal database. The database is used by other Nero programs, such as Wave Editor, Burning ROM, and PhotoSnap. Like most of the indexing programs bundled with many applications, it is not as useful as it claims to be. The only purpose for the database is to give you a more convenient way to access those media files without having to navigate the folders on your hard drive. Unless you are a hard-core user of all of Nero's programs, Nero Scout can be removed to free up system resources.

Get rid Of Nero Scout

The first thing to do is to disable Nero Scout via its own interface.
  • To do so, double-click on the My Computer icon.
  • Right-click on the Nero Scout icon and choose Options.
  • Uncheck the option for Enable Nero Scout.
  • Reboot your computer and see if you are still experiencing problems.
  • If you are, and you are running Nero 7, you can also perform the following actions:
  • Click on the Start button and choose Run. Type the following line exactly as it appears:

    regsvr32 /u "%COMMONPROGRAMFILES%\Ahead\Lib\MediaLibraryNSE.dll"

  • Click OK and reboot your computer.
Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

If you did not add the listed domain to the Trusted Zones yourself, have HijackThis fix it.

O15 - Trusted Zone: http://toolbar.imageshack.us

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 9

Letís run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 10

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the logs from AVG Anti-Spyware and the list of filenames and locations for any files that canít be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 fozzie

fozzie

    aut viam inveniam aut faciam

  • Topic Starter

  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:08:12 AM

Posted 05 August 2007 - 02:30 AM

Your given link to Bitdefender is wrong. http://www.bitdefender.com/scan8/ie.html is the correct link. I will return with all the requested reports asap.

Thanks

#6 fozzie

fozzie

    aut viam inveniam aut faciam

  • Topic Starter

  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:08:12 AM

Posted 05 August 2007 - 06:45 AM

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:02, on 5-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1178102533796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1178102502265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - https://premiummail.lycos.nl/app/uploader/FileUploader.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab30149.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12911 bytes


THe cookies mentioned in here are in a Firefoxbackup by Mozbackup. After identifying those I have deleted the backups and made new ones.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:34:47 5-8-2007

+ Scan result:



:mozilla.14:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 2.0.0.4 (nl) - 2007-06-19.pcv/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.56:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.56:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.57:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.57:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.81:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.81:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.82:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.82:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.13:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.13:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.14:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.14:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.15:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.15:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.16:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.16:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.17:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.17:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.18:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.18:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.19:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.19:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.20:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.20:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.21:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.21:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.44:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.44:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.46:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.46:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.47:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.47:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.48:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.48:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.49:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.49:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.50:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.50:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.51:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.51:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.51:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.52:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.52:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.52:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.53:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.53:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.61:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.61:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.62:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.62:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.32:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 2.0.0.4 (nl) - 2007-06-19.pcv/cookies.txt -> TrackingCookie.Addynamix : Error during cleaning.
:mozilla.52:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Adjuggler : Error during cleaning.
:mozilla.99:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.99:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.108:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
:mozilla.108:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
:mozilla.51:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
:mozilla.131:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Burstnet : Error during cleaning.
:mozilla.102:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.102:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.103:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.103:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.104:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.104:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.105:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.105:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.103:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Clickhype : Error during cleaning.
:mozilla.21:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
:mozilla.21:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
:mozilla.31:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
:mozilla.31:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
:mozilla.107:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Enhance : Error during cleaning.
:mozilla.58:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.60:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.61:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.62:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.63:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.64:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.24:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.24:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.25:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.25:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.25:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.26:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.91:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.91:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.92:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.92:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.45:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Masterstats : Error during cleaning.
:mozilla.45:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Masterstats : Error during cleaning.
:mozilla.6:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning.
:mozilla.6:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning.
:mozilla.79:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning.
:mozilla.79:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning.
:mozilla.80:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning.
:mozilla.80:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning.
:mozilla.8:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning.
:mozilla.8:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning.
:mozilla.107:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.107:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.12:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.12:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.84:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.84:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.98:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Paypal : Error during cleaning.
:mozilla.98:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Paypal : Error during cleaning.
:mozilla.49:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Planetactive : Error during cleaning.
:mozilla.87:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Realmedia : Error during cleaning.
:mozilla.88:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Realmedia : Error during cleaning.
:mozilla.89:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Realmedia : Error during cleaning.
:mozilla.90:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Revenue : Error during cleaning.
:mozilla.21:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 2.0.0.4 (nl) - 2007-06-19.pcv/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
:mozilla.22:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 2.0.0.4 (nl) - 2007-06-19.pcv/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
:mozilla.70:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
:mozilla.70:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
:mozilla.74:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
:mozilla.74:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
:mozilla.8:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 2.0.0.4 (nl) - 2007-06-23.pcv/cookies.txt -> TrackingCookie.Smartadserver : Error during cleaning.
:mozilla.8:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 2.0.pcv/cookies.txt -> TrackingCookie.Smartadserver : Error during cleaning.
:mozilla.8:C:\Documents and Settings\Eigen\Mijn documenten\brandnieruw.pcv/cookies.txt -> TrackingCookie.Smartadserver : Error during cleaning.
:mozilla.15:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 (nl) - 2005-12-17.pcv/cookies.txt -> TrackingCookie.Tradedoubler : Error during cleaning.
:mozilla.15:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-17.pcv/cookies.txt -> TrackingCookie.Tradedoubler : Error during cleaning.
:mozilla.96:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Trafic : Error during cleaning.
:mozilla.59:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5 nl - 2005-12-08.pcv/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning.
:mozilla.27:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.27:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.28:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.28:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.29:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.29:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.30:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.30:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-09.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.50:C:\Documents and Settings\Eigen\Mijn documenten\Firefox 1.5.0.7 nl - 2006-09-27.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.74:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.74:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.75:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.75:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.76:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.76:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.77:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.77:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.78:C:\Documents and Settings\Eigen\Bureaublad\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.78:K:\nieuwe setup\Firefox 2.0.0.4 nl - 2007-07-05.pcv/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.


::Report end


Computer is running better ow

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:12 AM

Posted 05 August 2007 - 01:29 PM

Thank you for letting me know about the link for BitDefender. I try but I do not always catch the changes. I will correct my files.

You may want to update Firefox 2.0.0.4 to Firefow 2.0.0.6. In Firefox, click Help > Check For Updates.

Tips To Protect Your Computer
  • Avoid inviting the monsters in by clicking on links in instant messages.
  • Avoid opening email attachments.
  • Avoid visiting every poker site on the net.
  • Avoid downloading all that free cute junk.
  • Avoid using the peer-to-peer file sharing.
  • Avoid getting those handy toolbar doodads for your browsers.
  • There are horrible critters out there just waiting to pounce on your system if you only pass by where they are lurking, which may be at some seemingly innocent web site. Be careful because some of these monsters are so vicious that no one can possibly save you once you let them in.
  • Remember that new bad stuff emerges every week of the year. Take responsibility for protecting your system because you are its first and best defense.
Your log appears to be clean. Please advise me of any problems you still have. Please respond to this thread one more time so we can mark this thread as resolved. Thanks.

Tools Downloaded To Clean Your Computer

I asked you to install some tools. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight the program, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
Optional Tools:
  • Ad-Aware 2007 scans, detects, and removes spyware on your computer.
  • ATF-Cleaner features include:
    • Cleaning of all user temp folders, administrator only can use this feature.
    • Cleaning of the Java cache, which seems to be harboring more and more malware.
    • Cleaning the cache, cookies, history, download history, visited links and saved passwords.
  • AVG Anti-Spyware is a good scanner to use. This will auto update for the trial period of 30 days. Afterwards, you will need to update manually before scanning. Scan weekly if you have high Internet use.
  • HijackThis may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.
Restore the default settings for files/folders.
  • Go to My Computer.
  • Select the Tools menu and click Folder Options.
  • Click the View tab.
  • Under Advanced Settings, click the Restore Defaults button in the lower right corner.
  • Click Apply and then the OK and close My Computer.
Please take the time to read my All Clean Post. .

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function For Windows XP.
    Files placed in the System volume information folder are source files for the System Restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    • Close all open programs. Then right-click My Computer on the Windows desktop
    • Click on Properties.
    • Click on the System Restore tab.
    • Check Turn off System Restore on all drives.
    • Restart the system.
    • Enable System Restore by going through the first four steps again and uncheck the item mentioned in Step D.
    • You can find instructions on how to disable and enable system restore in the Windows XP System Restore Guide.
  • Make your Internet Explorer more secure: This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use IE-SPYAD: Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. Program is free and is updated about once a month. Please follow readme instructions for install; it is a little different. Single user PC use IE Spyad1. Multi user XP PC use IE Spyad2.
  • Use a Firewall: - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  • Use An Antivirus Software and Keep It Updated: - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
    Computer Safety On line - Anti-Virus
  • Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  • You should scan your computer with Ad-Aware 2007 as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here: Ad-Aware 2007.
  • Install SpywareBlaster: SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then doubleclick it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK.
  • Use an alternative instant messenger program:.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet.
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera . Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (You can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed.), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and Special features such as Full-screen mode, Kiosk mode.
  • Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#8 fozzie

fozzie

    aut viam inveniam aut faciam

  • Topic Starter

  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:08:12 AM

Posted 06 August 2007 - 03:37 AM

It is all good, thank you. I still have some questions but I will post these in the appropiate forum. Thanks again

#9 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:12 AM

Posted 06 August 2007 - 10:12 AM

You are welcome. I am glad we could help.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users