
Rond.starsdoor Pop Ups


5 replies to this topic

#1 shelly26


Posted 23 September 2007 - 07:53 PM

Hello,
Since yesterday, my pc has been plagued by pop ups related to rond.starsdoor. I ran Spybot Search & Destroy, Housecall, and Stinger. Here is the Hijack This log file.

Thanks for your help!

- Sheila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:42 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\retadpu.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Sheila\My Documents\Unzipped\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://prudential.truelogic.com.au/download/CfxIEAx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://prea.webex.com/client/v_mywebex/training/ieatgpc.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab?
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.2.cab
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11554 bytes
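As an added example (not part of the original thread and not HijackThis's own code), the Python below parses HijackThis-format entry lines like those in the log above and flags the cues a log reviewer looks for: entries whose target file is reported missing, O23 services with no vendor information, names carrying the `$sys$` prefix (the cloaking prefix used by the XCP copy-protection driver, which the "XCP CD Proxy" service on this machine belongs to), and Run entries that launch a binary with a long opaque hex argument. The sample lines are copied verbatim from the log above; the rule set and the 32-hex-digit threshold are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample input: six lines copied verbatim from the HijackThis log
# posted above (two of them are ordinary, benign entries) so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HijackThis entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
HJT_ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# A trailing run of 32+ hex digits after the executable path (threshold is an assumption).
LONG_HEX_ARG = re.compile(r"\s([0-9A-Fa-f]{32,})\s*$")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. O4, O9, O23
    reason: str   # why a reviewer would look at this entry
    entry: str    # the full log line the finding refers to


def parse_entries(log_text):
    """Split a HijackThis log into (section, body) pairs.

    Header lines and the 'Running processes' list do not match the entry
    pattern and are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text):
    """Return one Finding per (entry, rule) pair for entries worth a second look."""
    findings = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        if "(file missing)" in body:
            findings.append(Finding(section, "target file is missing: orphaned hook or service", line))
        if "$sys$" in body:
            findings.append(Finding(section, "$sys$ name prefix: cloaked by the XCP copy-protection driver", line))
        if section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "service binary carries no vendor information", line))
        if section == "O4" and LONG_HEX_ARG.search(body):
            findings.append(Finding(section, "autostart launched with a long opaque hex argument", line))
    return findings


def flagged_entries(log_text):
    """Distinct log lines that produced at least one finding, in log order."""
    seen = []
    for f in triage(log_text):
        if f.entry not in seen:
            seen.append(f.entry)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

A hit is a prompt to investigate, not a verdict: the msjava.dll entry above is simply a leftover from an uninstalled Java, whereas the `$sys$` service is the driver that needs proper removal.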



#2 RichieUK

    Malware Assassin

  • Malware Response Team

Posted 24 September 2007 - 08:22 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum shelly26 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

You have Norton AntiVirus and AVG7 Antivirus installed.
It's definitely not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one of them now, then restart your pc.

If you decide to uninstall Norton, if there is no uninstaller available in Add\Remove Programs then you will need to download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
*Please Note:*
The Norton Removal Tool will remove all Norton/Symantec products from your pc.


*NOTE*
If you have previously downloaded ComboFix, please delete that version and download it again from below.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 shelly26


Posted 24 September 2007 - 02:39 PM

Hi Richie,
Thanks so much for your help. I did as you asked. Here are the logs for combofix and hijack this.

Thanks!

Sheila

ComboFix 07-09-21.2 - "Sheila" 2007-09-24 15:18:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\uninstall information
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\DOWNLO~1.\rave
C:\WINDOWS\DOWNLO~1.\rave\avirexe.vdm
C:\WINDOWS\DOWNLO~1.\rave\avirscr.vdm
C:\WINDOWS\DOWNLO~1.\rave\base.vdm
C:\WINDOWS\DOWNLO~1.\rave\daily.vdm
C:\WINDOWS\DOWNLO~1.\rave\daily.vdt
C:\WINDOWS\DOWNLO~1.\rave\filters.vdm
C:\WINDOWS\DOWNLO~1.\rave\kernel.vdk
C:\WINDOWS\DOWNLO~1.\rave\keyring.vdk
C:\WINDOWS\DOWNLO~1.\rave\mapi_vdm.vdm
C:\WINDOWS\DOWNLO~1.\rave\modules.vdk
C:\WINDOWS\DOWNLO~1.\rave\rav8def.vdm
C:\WINDOWS\DOWNLO~1.\rave\rufs.vdm
C:\WINDOWS\DOWNLO~1.\rave\rufsplg.vdm
C:\WINDOWS\DOWNLO~1.\rave\unarch.vdm
C:\WINDOWS\DOWNLO~1.\rave\unmail.vdm
C:\WINDOWS\DOWNLO~1.\rave\unpack.vdm
C:\WINDOWS\mantec~1
C:\WINDOWS\mantec~1\??mantec\
C:\WINDOWS\retadpu72.exe
C:\WINDOWS\system32\pcs
C:\WINDOWS\system32\pcs\pcsvc.dll_tobedeleted

.
((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
.

2007-09-24 15:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 14:38 <DIR> d-------- C:\DOCUME~1\Sheila\.housecall6.6
2007-09-22 13:18 <DIR> d-------- C:\Program Files\Temporary
2007-09-17 17:03 <DIR> d-------- C:\Program Files\DellSupport
2007-09-17 16:45 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Real
2007-09-17 07:34 <DIR> d--h----- C:\DOCUME~1\Jeremy\APPLIC~1\Gtek
2007-09-17 07:34 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Symantec
2007-09-17 07:34 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Sonic
2007-09-17 07:34 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Jasc Software Inc
2007-09-05 18:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-09-05 18:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-09-05 18:25 8,413 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys
2007-09-05 18:23 <DIR> d-------- C:\Program Files\Rhapsody

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-24 15:26 --------- d-------- C:\Program Files\Microsoft AntiSpyware
2007-09-24 15:07 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-22 15:04 --------- d-------- C:\Program Files\SysAI
2007-09-17 17:04 --------- d--h----- C:\DOCUME~1\Sheila\APPLIC~1\GTek
2007-09-17 17:04 --------- d-------- C:\DOCUME~1\Guest\APPLIC~1\Gtek
2007-09-05 18:30 --------- d-------- C:\Program Files\Soulseek
2006-09-06 19:50 28672 --a------ C:\DOCUME~1\Guest\atwbxdet.dll
2005-07-05 08:36 32041 --a--c--- C:\Program Files\wilco2005.06.26.spc4.artz.flac16.torrent
2005-07-01 18:13 2995368 --a--c--- C:\Program Files\SVGView.exe
2005-06-30 23:45 344998294 --a------ C:\Program Files\Photoshop_CS2_tryout.zip
2005-04-27 23:58 937001 --a--c--- C:\Program Files\slsk156c.exe
2005-04-04 13:19 380265 --a------ C:\Program Files\brighteyes.zip
2005-03-18 10:42 52204504 --a--c--- C:\Program Files\Dell_English_PSPA_521_Deluxe_ESD.exe
2005-03-18 10:06 571040 --a--c--- C:\Program Files\install_easyshare.exe
2004-11-16 17:11 526313 --a------ C:\DOCUME~1\Sheila\Semagic1418for2k.exe
2004-10-05 08:28 765001 --a------ C:\DOCUME~1\Sheila\slsk152.exe
2004-09-06 23:26 20630968 --a------ C:\DOCUME~1\Sheila\iTunesSetup.exe
2004-07-29 19:55 116463616 --a------ C:\DOCUME~1\Sheila\pse2trial.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 01:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 01:07]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-09 20:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-18 11:39]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2004-12-31 17:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [2004-08-04 03:56]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-24 15:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-06-02 14:51]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2005-05-17 15:22:42]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-03-02 10:13:23]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\DOCUME~1\Guest\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\DOCUME~1\Jeremy\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\DOCUME~1\Sheila\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sheila^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Sheila\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sheila^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Sheila\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

R0 $sys$cor;$sys$cor;C:\WINDOWS\system32\Drivers\$sys$cor.sys
R1 $sys$crater;$sys$crater;\??\C:\WINDOWS\System32\$sys$filesystem\crater.sys
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe
S2 $sys$DRMServer;Plug and Play Device Manager;C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
S3 $sys$lim;$sys$lim;\??\C:\WINDOWS\System32\$sys$filesystem\lim.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-05 12:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 15:25:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$cor]
"ImagePath"="System32\Drivers\$sys$cor.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$crater]
"ImagePath"="\??\C:\WINDOWS\System32\$sys$filesystem\crater.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$DRMServer]
"ImagePath"="C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$lim]
"ImagePath"="\??\C:\WINDOWS\System32\$sys$filesystem\lim.sys"
.
Completion time: 2007-09-24 15:28:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-24 15:27
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:53 PM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://prudential.truelogic.com.au/download/CfxIEAx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://prea.webex.com/client/v_mywebex/training/ieatgpc.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab?
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.2.cab
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 8389 bytes

#4 RichieUK

  • Malware Response Team

Posted 24 September 2007 - 02:52 PM

Microsoft ended its support for Microsoft AntiSpyware last year, so please remove/uninstall it via Start/Control Panel/Add or Remove Programs, then restart your PC.
We can replace it later with Windows Defender,once your system is clean.

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.2.cab

Exit HijackThis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.

Please run this online virus scan: Activescan, using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.

Post the Activescan report in your next reply please.
Also post a new HijackThis log, and let me know how your PC is running now.

#5 shelly26

  • Topic Starter

Posted 24 September 2007 - 10:52 PM

Thanks so much for your help! I did all of the steps you recommended above, and my PC is running quickly again, and so far no pop-ups. Below are the three logs you asked me to post.

Thank you again!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/24/2007 at 09:55 PM

Application Version : 3.9.1008

Core Rules Database Version : 3312
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 00:52:50

Memory items scanned : 370
Memory threats detected : 0
Registry items scanned : 6133
Registry threats detected : 3
File items scanned : 54075
File threats detected : 466

Adware.Tracking Cookie
C:\Documents and Settings\Sheila\Cookies\sheila@zedo[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@indexstats[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@entrepreneur.us.intellitxt[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ad.yieldmanager[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@nextag[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adserver[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@marketlive.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@media.jcarter[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@realmedia[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@entrepreneur[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@data4.perf.overture[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@roiservice[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@highbeam.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.monster[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adopt.specificclick[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.burstbeacon[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@revsci[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@reduxads.valuead[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@count4.exitexchange[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@partner2profit[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.ecrush[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@cbs.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads2.drivelinemedia[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.entrepreneur[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.click2houston[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@stat.onestat[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@trafficmp[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@cgi-bin[3].txt
C:\Documents and Settings\Sheila\Cookies\sheila@statcounter[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ad[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@fastclick[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.pointroll[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.0stats[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.123stat[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@tracking.foxnews[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@optimost[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@stats.espinthebottle[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@tradedoubler[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@tacoda[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@anat.tacoda[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@click2houston[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@polo.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ehg-legacy.hitbox[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@stats2.clicktracks[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.expedia[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@anad.tacoda[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@50715070[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@tribalfusion[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@mediaplex[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@paypal.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@pitchforkmedia[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.cnn[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@clickondetroit[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ford.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@generatePasscode[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@data3.perf.overture[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@advertising[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@host.oddcast[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.burstnet[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@questionmarket[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@journalregistercompany.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@cnn.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@indextools[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@glide.advertserve[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@atdmt[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.addesktop[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@bannerads[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ecnext.advertserve[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.cellartracker[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@kanoodle[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@livenation.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.brucespringsteen[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.ticketsnow2[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@wegmansfoods.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adopt.euroclick[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@r-kimedia.co[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@valueclick[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adserver.news.com[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.belstat[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adinterax[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@webstat[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@marthastewart.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@server2.bkvtrack[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@fortunecity[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@sexadelphia[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@stats.manticoretechnology[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ad101com.adbureau[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@harpo.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@hitbox[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adbrite[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@cratebarrel.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adlegend[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adserver.pollstar[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@cz8.clickzs[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@cpvfeed[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ad2.adnetinteractive[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@bs.serving-sys[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@bizrate[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@mapsexoffenders[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@chicagosuntimes.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.guardian.co[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@stat.dealtime[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@financialcontent.advertserve[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@clicksor[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@sales.liveperson[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.vox[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@mb[3].txt
C:\Documents and Settings\Sheila\Cookies\sheila@track.gravitytrack[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@data1.perf.overture[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@dynamicsitestats[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@solmeliahotels.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@icc.intellisrv[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@dealtime[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@sixapart.adbureau[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@homestore.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@cgi-bin[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@blockbuster.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@snapfish.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@rambler[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@petsunitedllc.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@specificclick[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@40715998[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.clickxchange[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@interland.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@northwestairlines.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ad.islamonline[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@s.clickability[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ulta.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.jolinko[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@xml.bravenetmedianetwork[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ww3.shoshkeles[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@yadro[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@xiti[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@media.hotels[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@viamtvcom.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@reunioncom.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@oasc02.247realmedia[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.belointeractive[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@a[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@bannerads.zwire[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@57386690[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@bravenetmedianetwork[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@postranchinn.sitetracker[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adserving[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@vhost.oddcast[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ticketsnow.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ehg-viacom.hitbox[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@doubleclick[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.ticketsnow[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@image.masterstats[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@try.screensavers[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@bizjournals.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.mediabuyerplanner[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adserver.adreactor[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@bfm.valueclick[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@mediabuyerplanner[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@112.2o7[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@videoegg.adbureau[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@mcclatchy.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ad.adtegrity[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@pbh.adbureau[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.topix[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.clubplanet[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adserver3.teracent[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@brightcove.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@richmedia.yahoo[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.vertmarkets[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@pt.crossmediaservices[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@redorbit[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@list[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@rotator.its.adjuggler[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@4.adbrite[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@centralmediaserver[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@salesforce.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@realnetworks.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@roi.clicklab[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.adbrite[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@buildabear.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.fredericksburg[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.dealtime[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@blockbuster[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@tremor.adbureau[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@clickbank[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@tracker.wholinked[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@mysweetcarolina.tripod[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@2.adbrite[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.active[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@viacomedycentralrl.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@html[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@saksfifthavenue.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@leeenterprises.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@trinitymirror.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@meetupcom.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@networksolutions.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@stat.errclean[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@stpetersburgtimes.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@incisivemedia.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@maxmedia.educationworld[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@travelnetsolutions.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@monstercom.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@web4.realtracker[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.gayot[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@phillyburbscom.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@medhelpinternational.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@cz4.clickzs[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@medianewsgroup[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@69553378[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@bellglobemediapublishing.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@collective-media[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ezzs.valueclick[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@tracking.coorslight[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@1069206730[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@statse.webtrendslive[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@zillow.adbureau[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@rcntelecom.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@inl.adbureau[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@eyewonder[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@eremedia.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@www.clickondetroit[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adserver.easyad[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ctvtsgtv.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@scholastic.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@track.bestbuy[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@cvs.pnimedia[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@rocku.adbureau[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@tase[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adv.webmd[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@drnatura.112.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@media.mtvnservices[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@adv.medscape[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@qnsr[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@serving-sys[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@blindscom.122.2o7[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@76226072[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.keloland[1].txt
C:\Documents and Settings\Sheila\Cookies\sheila@ads.medbanner[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@112.2o7[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@247realmedia[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@2o7[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ad.yieldmanager[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adbrite[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adecn[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adinterax[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adknowledge[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adlegend[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adopt.euroclick[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adopt.specificclick[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adrevolver[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adrevolver[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.adbrite[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.addynamix[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.buddyprofile[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.cartoonnetwork[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.cnn[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.expedia[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.iconator[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.movieweb[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.pointroll[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.realtechnetwork[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ads.stardoll[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adserver[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adtech[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@adv.webmd[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@advertising[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@aff.primaryads[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@anad.tacoda[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@anat.tacoda[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@apmebf[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@as-eu.falkag[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@as-us.falkag[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@atdmt[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@atwola[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@azjmp[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@bannerads.zwire[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@bannerads[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@belnk[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@blockbuster.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@bluestreak[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@brightcove.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@bs.serving-sys[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@burstnet[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@casalemedia[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@cbs.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@citi.bridgetrack[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@clickondetroit[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@cnn.122.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@coolsavings[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@data2.perf.overture[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@data3.perf.overture[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@data4.perf.overture[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@dist.belnk[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@doubleclick[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@e-2dj6wjkywpazobo.stats.esomniture[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@eb.adbureau[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ecnext.advertserve[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@edge.ru4[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-accuweather.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-adidas.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-adidasus.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-bskyb.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-classmates.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-hollywoodmedia.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-knightridder.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-learningco.hitbox[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-nestleusainc.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-newscientist.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-pharmacia.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-talbots.hitbox[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-theviptour.hitbox[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-tsvgroup.hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-upperdeck.hitbox[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-viacom.hitbox[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@emedia.citizensvoice[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@entrepreneur.us.intellitxt[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@entrepreneur[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@fastclick[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@financialcontent.advertserve[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@focusin.ads.targetnet[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@hc2.humanclick[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@hitbox[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@i.screensavers[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@icc.intellisrv[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@indextools[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@interclick[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@journalregistercompany.122.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@kanoodle[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@keywordmax[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@linksynergy[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@livenation.122.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@m1.webstats4u[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@maxmedia.educationworld[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@media.adrevolver[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@media.mtvnservices[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@mediaplex[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@msnportal.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@networksolutions.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@nextag[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@optimost[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@overture[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@partner2profit[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@perf.overture[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@petsunitedllc.122.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@phg.hitbox[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@phillyburbscom.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@polo.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@pro-market[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@questionmarket[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@raymoursfurniturecompanyinc.122.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@realmedia[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@realnetworks.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@reduxads.valuead[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@reunioncom.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@revenue[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@revsci[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@richmedia.yahoo[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@riverdeep.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@roiservice[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@rotator.adjuggler[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@s.clickability[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@sales.liveperson[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@server.iad.liveperson[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@server2.mediatakeout[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@serving-sys[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@sixapart.adbureau[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@smileycentral[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@snapfish.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@specificclick[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@spylog[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@stat.onestat[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@statcounter[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@stats.manticoretechnology[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@statse.webtrendslive[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@tacoda[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@targetnet[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ticketsnow.112.2o7[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ticketsnow[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@tradedoubler[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@trafficmp[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@tremor.adbureau[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@tribalfusion[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@valueclick[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@valueclick[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@vhost.oddcast[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@viamtvcom.112.2o7[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@ww3.shoshkeles[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@www.burstbeacon[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@www.burstnet[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@www.clickondetroit[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@www.entrepreneur[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@www.ticketsnow2[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@www.ticketsnow[2].txt
C:\Documents and Settings\Caroline\Cookies\caroline@xiti[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@yadro[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@z1.adserver[1].txt
C:\Documents and Settings\Caroline\Cookies\caroline@zedo[2].txt
C:\Documents and Settings\Guest\Cookies\guest@247realmedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adprofile[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.buddyprofile[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.op-design[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.vnuemedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adtech[2].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt
C:\Documents and Settings\Guest\Cookies\guest@apmebf[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
C:\Documents and Settings\Guest\Cookies\guest@bluestreak[2].txt
C:\Documents and Settings\Guest\Cookies\guest@c7.zedo[1].txt
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-airtran.hitbox[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-wachovia.hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@goclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@hlwd.valueclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@icc.intellisrv[2].txt
C:\Documents and Settings\Guest\Cookies\guest@media.fastclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@nextag[2].txt
C:\Documents and Settings\Guest\Cookies\guest@overture[1].txt
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
C:\Documents and Settings\Guest\Cookies\guest@revsci[1].txt
C:\Documents and Settings\Guest\Cookies\guest@s.clickability[1].txt
C:\Documents and Settings\Guest\Cookies\guest@sales.liveperson[1].txt
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tacoda[2].txt
C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[1].txt
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
C:\Documents and Settings\Guest\Cookies\guest@valueclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@z1.adserver[2].txt
C:\Documents and Settings\Guest\Cookies\guest@zedo[2].txt
C:\Documents and Settings\Sheila\Cookies\sheila@Stats[2].txt

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR
C:\WINDOWS\PREFETCH\YAZZLE1552OINADMIN.EXE-3231BBC3.PF
C:\WINDOWS\PREFETCH\YAZZLEBUNDLE-1122.EXE-0A70446A.PF

Adware.SurfSideKick
C:\DOCUMENTS AND SETTINGS\CAROLINE\APPLICATION DATA\SSKKNWRD.DLL

Unclassified.Unknown Origin
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20050829-185239-505.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0067294.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0067295.EXE

Adware.DelFin Project
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PCS\PCSVC.DLL_TOBEDELETED.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0067299.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP908\A0067808.EXE

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0067293.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0067296.EXE

Adware.WildMedia/Midaddle
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0067298.DLL

Trojan.Downloader-Gen/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0067300.EXE

Incident Status Location

Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@anm.co[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@bfast[1].txt
Spyware:Cookie/Bilbo.counted Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@bilbo.counted[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@bravenet[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@centrport[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@cgi-bin[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@com[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@ct.360i[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@errorsafe[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@go[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@searchportal.information[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@target[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Caroline\Cookies\caroline@www.errorsafe[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Guest\Cookies\guest@centrport[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Cookies\guest@com[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Sheila\Cookies\sheila@anm.co[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Sheila\Cookies\sheila@bravenet[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Sheila\Cookies\sheila@ct.360i[1].txt
Spyware:Cookie/Dbbsrv Not disinfected C:\Documents and Settings\Sheila\Cookies\sheila@dbbsrv[2].txt
Spyware:Cookie/Pollstar Not disinfected C:\Documents and Settings\Sheila\Cookies\sheila@pollstar[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Sheila\Cookies\sheila@searchportal.information[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Sheila\Cookies\sheila@target[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Sheila\Desktop\ComboFix.exe[nircmd.exe]
Virus:Generic Malware Disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Virus:Generic Trojan Disinfected C:\WINDOWS\Downloaded Program Files\ieatgpc.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:adware/sidesearch Not disinfected C:\WINDOWS\sepsd.bin
Adware:adware/cydoor Not disinfected C:\WINDOWS\SYSTEM32\cd_clint.dll

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:37 PM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://prudential.truelogic.com.au/download/CfxIEAx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://prea.webex.com/client/v_mywebex/training/ieatgpc.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 8064 bytes

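The HijackThis log above is reviewed by hand in this thread. As an added example (not part of the original post, and not HijackThis code), the script below parses the O2, O16, O20 and O23 line formats and applies the checks a log reviewer makes on them: services whose binary carries no company name or is missing from disk, BHOs registered without a display name, ActiveX (DPF) entries that fetch code from a remote host, and Winlogon Notify DLLs. The sample lines are copied from the log in the thread; the heuristics, the reason strings and the `Finding` structure are this example's own. One rule encodes a fact that the thread itself does not mention: service and file names beginning with `$sys$` were the cloaking convention of the 2005 Sony BMG XCP rootkit, which is what the `$sys$DRMServer` and `CD_Proxy` entries in the log look like.

```python
"""Triage helper for HijackThis v2 log lines.

Added example for this thread; not part of the original post and not
HijackThis code. The heuristics and reason strings are this example's own;
the SAMPLE_LOG lines are copied from the log posted in the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed subset of the posted log (the full log has many more lines).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""


@dataclass
class Finding:
    section: str          # HijackThis section, e.g. "O23"
    subject: str          # service short name, DLL path or download URL
    reasons: list = field(default_factory=list)


LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# O23: "Service: <display> (<short>) - <owner> - <path>[ (file missing)]"; short name is optional
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?)(?: \((?P<short>[^()]*)\))? - (?P<owner>.+?) - (?P<path>.+)$")
# O2: "BHO: <name> - {CLSID} - <dll path>"; the CLSID anchors the split, so ' - ' inside paths is safe
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O16: "DPF: {CLSID} [(<name>)] - <url or local path>"
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^()]*)\))? - (?P<src>.+)$")
# O20: "Winlogon Notify: <key> - <dll path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def parse_lines(text):
    """Yield (section, body) for every 'Oxx - ...' line; ignore everything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return one Finding per log line that deserves a human look."""
    findings = []
    for section, body in parse_lines(text):
        reasons = []
        subject = body
        if section == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                continue
            subject = m["short"] or m["name"]
            if m["owner"] == "Unknown owner":
                reasons.append("service binary carries no company name (HijackThis 'Unknown owner')")
            if m["path"].endswith("(file missing)"):
                reasons.append("service still registered but its binary is gone (leftover of an incomplete removal)")
            if subject.startswith("$sys$"):
                # Known fact, not from the thread: the Sony BMG XCP rootkit (2005) cloaked
                # every file, registry key and service whose name began with $sys$.
                reasons.append("$sys$ prefix matches the Sony BMG XCP rootkit's cloaking convention")
        elif section == "O2":
            m = BHO_RE.match(body)
            if not m:
                continue
            subject = m["path"]
            if m["name"] == "(no name)":
                reasons.append("BHO registered without a display name; identify the DLL before trusting it")
        elif section == "O16":
            m = DPF_RE.match(body)
            if not m:
                continue
            subject = m["src"]
            if m["src"].lower().startswith(("http://", "https://")):
                reasons.append("ActiveX control fetched from a remote host at page load")
                if m["src"].lower().endswith(".exe"):
                    reasons.append("download target is a bare executable rather than a .cab package")
        elif section == "O20":
            m = NOTIFY_RE.match(body)
            if not m:
                continue
            subject = m["path"]
            reasons.append("Winlogon Notify DLL is loaded into winlogon.exe before any user logs on")
        if reasons:
            findings.append(Finding(section, subject, reasons))
    return findings


def report(findings):
    """Render findings as indented plain text, one block per flagged line."""
    lines = []
    for f in findings:
        lines.append(f"[{f.section}] {f.subject}")
        lines.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample, the script flags six of the nine lines; the AVG service and the named Yahoo! BHO pass clean, and the O4 Run entry is parsed but has no rule attached. The point of the Winlogon Notify and DPF rules is not that the entries are bad (both here belong to known vendors) but that these load paths always deserve a look, because they execute before or without a user's consent.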
#6 RichieUK

RichieUK
Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 25 September 2007 - 05:10 AM

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
Combofix.exe
C:\QOOBOX
C:\WINDOWS\sepsd.bin
C:\WINDOWS\SYSTEM32\cd_clint.dll

Download and install CCleaner:
http://www.ccleaner.com/download/builds/downloading-slim

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
*Note*
Do not use the Issues block to clean anything with this program.
It is for experts only and it is risky.

Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked.
In the Advanced section, have a check only on Old PreFetch Data.

Click on the Options block on the left.
Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".

Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.

Run Cleaning Scan.
Click on the Cleaner block on the left.
Choose the Windows tab.
Click the Run Cleaner button.
This process could take a while.
When CCleaner shows how much has been removed, cleaning is finished.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
How to prevent Malware by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html