
I Believe That My System Is Still Infected With A Virus


  • This topic is locked
27 replies to this topic

#1 mnw

mnw

  • Members
  • 52 posts
  • Gender:Female
  • Local time:04:46 AM

Posted 10 January 2008 - 12:24 PM

Hello everyone or anyone,

I got a virus a few days ago which was of course wreaking havoc on my computer. So I installed Spybot Search and Destroy and AVG antivirus. (I had McAfee, but that was acting funny so I uninstalled that and installed the AVG.) They seemed to take care of the obvious problems, pop-ups and such, but now my internet connection is very inconsistent or nonexistent. Sometimes when I restart the computer I can get it back to normal briefly, but the computer just doesn't seem like it's running smoothly. Here is my HijackThis log if anyone can assist me in cleaning this mess up:

Thanks,
Malikha

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:53 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\Program Files\imc2 VPN\cvpnd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirect...c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirect...c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\KENSIN~1\MouseWorks\IE_KMW.DLL (file missing)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: imc2 Cisco VPN Client.lnk = C:\Program Files\imc2 VPN\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {DDC642D3-18C4-44E8-8A4E-158B0615D790} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178511367592
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Unknown owner - C:\DOCUME~1\MALIKH~1\LOCALS~1\Temp\95390.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\imc2 VPN\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

--
End of file - 12248 bytes


#2 mnw


Posted 13 January 2008 - 01:47 PM

Hello again,

Can someone at least tell me if my HijackThis log looks clean?

#3 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:11:46 AM

Posted 25 January 2008 - 02:15 PM

Hi Mnw!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in HijackThis school and Teachers will check my posts.
Sorry that it took us so long to get back to you, but as you can see we're stumped with the amount of logs.

Before we can start, please post a fresh HijackThis log back here.

Edited by Baabiouz, 25 January 2008 - 02:15 PM.


#4 mnw


Posted 25 January 2008 - 02:40 PM

Hi Baabiouz,

Thanks a lot. I appreciate the reply and totally understand the back up. I look forward to working with you.
Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:05 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\Program Files\imc2 VPN\cvpnd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\malikha nicole\My Documents\downloads\Trillian\trillian.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\MALIKH~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\MALIKH~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\LandlordMax\LandlordMax.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirect...c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirect...c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\KENSIN~1\MouseWorks\IE_KMW.DLL (file missing)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: imc2 Cisco VPN Client.lnk = C:\Program Files\imc2 VPN\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {DDC642D3-18C4-44E8-8A4E-158B0615D790} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178511367592
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\imc2 VPN\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

--
End of file - 12701 bytes

#5 Baabiouz


Posted 26 January 2008 - 03:03 AM


Hi!

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.


Step #1
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

Ask Jeeves Toolbar
- Here is more about this toolbar
This is optional, if you don't want to remove it, you can keep it :blink:

Step #2
Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\KENSIN~1\MouseWorks\IE_KMW.DLL (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


If you removed Ask Jeeves Toolbar, also checkmark these lines:

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL



Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Step #3
Please do the following...

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
Do not run it yet.

Step #4
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
AVG Anti-Spyware
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security:
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG antispyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Step #5
Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Step #6
In safe mode
If you removed Ask Jeeves Toolbar:
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\AskPBar

Step #7
In safe mode
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

Step #8
In safe mode
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do not automatically generate reports and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.

Step #9
Please post a fresh HijackThis log and AVG Anti-Spyware results back here :thumbsup:

#6 mnw

Posted 26 January 2008 - 10:04 AM

Hi,

One question before I begin: I already have AVG installed. Do you want me to re-install it?

-mnw

#7 Baabiouz

Posted 26 January 2008 - 10:41 AM

Hi!

I can see only AVG7 (antivirus). AVG Anti-Spyware is a different program from your AVG7 :thumbsup: But if you have AVG Anti-Spyware, it's OK (then you don't have to re-install/download it).

Edited by Baabiouz, 26 January 2008 - 10:43 AM.

#8 mnw

Posted 26 January 2008 - 02:40 PM

Oh right. I will install that then. Thanks.

#9 mnw

Posted 28 January 2008 - 08:13 AM

Here goes:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:19:58 PM 1/27/2008

+ Scan result:



HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1256799619-1417818515-3399203189-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Adware.Generic : Cleaned with backup (quarantined).
[416] VM_13140000 -> Downloader.Agent.ggt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnsapiicomsv32.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\smtpdrv.sys -> Worm.Agent.l : Cleaned with backup (quarantined).


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:44 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\Program Files\imc2 VPN\cvpnd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirect...c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirect...c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: imc2 Cisco VPN Client.lnk = C:\Program Files\imc2 VPN\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {DDC642D3-18C4-44E8-8A4E-158B0615D790} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178511367592
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\imc2 VPN\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

--
End of file - 11633 bytes

#10 Baabiouz


Posted 28 January 2008 - 12:52 PM

Hi!

Step #1
Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
(When installing ZoneAlarm, please uncheck this option "include a ZoneAlarm Spy Blocker...". The Toolbar is not recommended... You can read more about it here.)
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Step #2
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 4 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.
Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Step #3
Please post a fresh HijackThis log back here :thumbsup:

Do you have problems? Does your computer work better?
Posted Image
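The two things read off the log in the post above (no third-party firewall among the running processes, and an old JRE build in the file paths) can be checked mechanically. This Python sketch is an added example, not part of the original posts or of HijackThis; the firewall executable list is an assumption built from process names that appear in this thread, and the sample log is a shortened excerpt constructed from lines posted here.

```python
import re
from ntpath import basename  # parses Windows paths on any host OS

# Constructed sample: shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:44 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

--
End of file - 11633 bytes
"""

# Assumption: illustrative list only, taken from process names seen in this
# thread's later logs (ZoneAlarm and Comodo). Extend it for real use.
FIREWALL_EXES = {
    "zlclient.exe": "ZoneAlarm",
    "vsmon.exe": "ZoneAlarm",
    "cfp.exe": "Comodo",
    "cmdagent.exe": "Comodo",
}

# JRE 6 Update 4 is the version the helper asks the user to install.
MIN_JRE = (1, 6, 0, 4)

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - HKLM\..\Run: ..."
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)


def parse_hijackthis(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    log = {"processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            log["entries"].append((match.group(1), match.group(2)))
        elif in_processes:
            if line:
                log["processes"].append(line)
            else:
                in_processes = False  # a blank line ends the process list
    return log


def jre_versions(log):
    """Collect every JRE build referenced by a process path or registry entry."""
    found = set()
    for text in log["processes"] + [body for _, body in log["entries"]]:
        for match in JRE_RE.finditer(text):
            found.add(tuple(int(part) for part in match.groups()))
    return found


def firewalls_running(log):
    """Return the names of known third-party firewalls seen in the process list."""
    names = (basename(path).lower() for path in log["processes"])
    return {FIREWALL_EXES[name] for name in names if name in FIREWALL_EXES}


def triage(text):
    """Return the findings a helper would raise from this log, as short strings."""
    log = parse_hijackthis(text)
    findings = []
    if not firewalls_running(log):
        findings.append("no third-party firewall process seen")
    for version in sorted(jre_versions(log)):
        if version < MIN_JRE:
            findings.append("outdated JRE %d.%d.%d_%02d" % version)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A name match only shows what was running when the scan was saved, so an empty firewall result is a prompt to check the machine, not proof that nothing is installed.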

#11 mnw


Posted 28 January 2008 - 08:31 PM

Hello,
I'm trying to install ZoneAlarm but I keep getting this message that says vsmon.exe-Ordinal Not Found the ordinal 55 could not be located in the dynamic link library VSDATA.dll

#12 mnw


Posted 29 January 2008 - 03:11 PM

I'm having internet connectivity problems.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:59 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\Program Files\imc2 VPN\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\malikha nicole\My Documents\downloads\Trillian\trillian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirect...c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirect...c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: imc2 Cisco VPN Client.lnk = C:\Program Files\imc2 VPN\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {DDC642D3-18C4-44E8-8A4E-158B0615D790} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178511367592
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\imc2 VPN\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

--
End of file - 12120 bytes

#13 Baabiouz


Posted 30 January 2008 - 09:06 AM

Hi!

I'm sorry, I don't have any ideas to fix that problem (ZoneAlarm). If you can't install ZoneAlarm, please try installing another firewall :blink:
(I'm using Comodo and it is working OK :thumbsup: )


Let's run DSS:

Please download Deckard's System Scanner to your Desktop


* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, text files will open: Main.txt and Extra.txt

Please post Main.txt and Extra.txt

Edited by Baabiouz, 30 January 2008 - 09:06 AM.


#14 mnw


Posted 30 January 2008 - 11:15 AM

I installed Comodo and it seems to be connecting better now.


Deckard's System Scanner v20071014.68
Run by malikha nicole on 2008-01-30 11:06:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-01-30 16:06:49 UTC - RP314 - Deckard's System Scanner Restore Point
12: 2008-01-30 02:29:22 UTC - RP313 - Agnitum Outpost Firewall 1.0 Installation
11: 2008-01-29 15:42:59 UTC - RP312 - Installed Java™ 6 Update 4
10: 2008-01-29 15:30:41 UTC - RP311 - Removed Java™ 6 Update 2
9: 2008-01-29 15:27:57 UTC - RP310 - Removed Java™ SE Runtime Environment 6 Update 1


-- First Restore Point --
1: 2008-01-22 01:32:58 UTC - RP302 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as malikha nicole.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:05 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\kkw_run.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
c:\Program Files\imc2 VPN\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\malikha nicole\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\malikha nicole.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirect...c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: imc2 Cisco VPN Client.lnk = C:\Program Files\imc2 VPN\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {DDC642D3-18C4-44E8-8A4E-158B0615D790} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178511367592
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\imc2 VPN\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

--
End of file - 11022 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080127-213027-108 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20080127-213027-298 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080127-213027-713 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20080127-213027-933 O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\KENSIN~1\MouseWorks\IE_KMW.DLL (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Xek30 - c:\windows\system32\drivers\xek30.sys
R0 Xek63 - c:\windows\system32\drivers\xek63.sys
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 smtpdrv - c:\windows\system32\drivers\smtpdrv.sys (file missing)
R3 KKW_HID (Kensington HIDClass Filter Driver) - c:\windows\system32\drivers\kkw_hid.sys <Not Verified; Kensington Technology Group; KKW>

S1 EACMOS - c:\windows\system32\drivers\eacmos.sys (file missing)
S1 EAWDMFD - c:\windows\system32\drivers\eawdmfd.sys (file missing)
S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 USB2_04 (USB2_04 driver) - c:\windows\system32\drivers\nkv2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_104C&DEV_8400&SUBSYS_3B011186&REV_00\4&1351887D&0&20F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_104C&DEV_8400&SUBSYS_3B011186&REV_00\4&1351887D&0&20F0
Service:

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Kensington PS/2 Mouse Driver
Device ID: ACPI\PNP0F13\4&268D196D&0
Manufacturer: Kensington Technology Group
Name: Kensington PS/2 Mouse Driver
PNP Device ID: ACPI\PNP0F13\4&268D196D&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-01-30 03:00:00 324 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-01-24 22:21:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-30 and 2008-01-30 -----------------------------

2008-01-30 10:13:03 0 d-------- C:\Documents and Settings\malikha nicole\Application Data\Comodo
2008-01-30 10:13:02 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-01-30 10:13:01 0 d-------- C:\Program Files\COMODO
2008-01-30 08:19:39 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-29 21:29:40 0 d-------- C:\Program Files\Common Files\Agnitum Shared
2008-01-29 21:29:35 0 d-------- C:\Program Files\Agnitum
2008-01-29 16:03:29 50816 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
2008-01-29 10:43:05 0 d-------- C:\Program Files\Common Files\Java
2008-01-28 17:34:56 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-28 17:34:43 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-28 17:34:33 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-01-28 17:33:23 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-27 21:36:24 0 d-------- C:\Documents and Settings\malikha nicole\Application Data\Grisoft
2008-01-25 09:58:03 0 d-------- C:\Program Files\iPod
2008-01-25 09:57:44 0 d-------- C:\Program Files\iTunes
2008-01-24 17:39:04 0 d-------- C:\Documents and Settings\malikha nicole\.jfreereport
2008-01-24 17:36:47 0 d-------- C:\Program Files\LandlordMax
2008-01-10 12:21:47 0 d-------- C:\Program Files\Trend Micro
2008-01-09 09:12:15 24832 --a------ C:\WINDOWS\system32\drivers\Xek63.sys
2008-01-07 10:50:22 0 d-------- C:\Documents and Settings\malikha nicole\Application Data\PC-FAX TX
2008-01-05 19:33:04 0 dr-h----- C:\$VAULT$.AVG
2008-01-05 18:23:10 0 d-------- C:\Documents and Settings\malikha nicole\Application Data\AVG7
2008-01-05 18:22:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-05 18:22:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-05 18:22:27 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-04 21:38:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 21:11:22 21760 --a------ C:\WINDOWS\Xek30.sys
2008-01-04 18:24:51 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-01-04 18:23:38 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-01-04 17:46:53 0 d-------- C:\Program Files\Router
2008-01-04 17:42:28 0 d--hs---- C:\WINDOWS\bWFsaWtoYSBuaWNvbGU
2008-01-04 17:37:39 0 d-------- C:\Program Files\Outerinfo
2008-01-04 17:37:38 0 d-------- C:\WINDOWS\s?mbols
2008-01-04 17:36:59 0 d-------- C:\Program Files\S?mantec
2008-01-04 17:31:30 0 d-------- C:\Program Files\Temporary
2008-01-04 17:31:30 0 d-------- C:\Program Files\kernel
2008-01-04 17:22:54 21760 --a------ C:\WINDOWS\system32\drivers\Xek30.sys


-- Find3M Report ---------------------------------------------------------------

2008-01-30 10:57:06 0 d-------- C:\Documents and Settings\malikha nicole\Application Data\Skype
2008-01-29 21:29:40 0 d-------- C:\Program Files\Common Files
2008-01-29 10:44:19 0 d-------- C:\Program Files\Java
2008-01-25 09:55:15 0 d-------- C:\Program Files\QuickTime
2008-01-04 17:38:47 0 d-------- C:\Program Files\S?mantec
2008-01-04 17:27:29 10 --a------ C:\Program Files\.autoreg
2007-12-04 15:25:18 0 d-------- C:\Program Files\Hooked on Phonics Learning
2007-12-04 03:01:14 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-03 20:25:58 0 d-------- C:\Program Files\Windows Live
2007-12-03 20:24:56 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 09:22 AM]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [07/24/2001 04:34 PM]
"Smapp"="Smtray.exe" [05/31/2001 09:32 PM C:\WINDOWS\system32\SMTray.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 09:42 AM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [01/26/2005 05:02 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 01:25 PM]
"MSWheel"="" []
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
"kmw_run.exe"="kmw_run.exe" [09/01/2005 09:43 AM C:\WINDOWS\system32\kmw_run.exe]
"kkw_run.exe"="kkw_run.exe" [12/15/2005 03:00 PM C:\WINDOWS\system32\kkw_run.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 01:45 PM]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [05/24/2002 07:47 AM]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [06/20/2002 02:06 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [05/24/2002 07:46 AM]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [08/15/2001 12:50 PM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 11:18 AM]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 06:46 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/06/2008 09:32 AM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 07:52 PM]
"OutpostFeedBack"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe" []
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [01/30/2008 10:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [08/31/2007 04:40 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [5/7/2007 10:09:08 PM]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 6:16:50 PM]
imc2 Cisco VPN Client.lnk - C:\Program Files\imc2 VPN\vpngui.exe [7/21/2007 8:41:38 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xek30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xek63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


*Newly Created Service* - CMDAGENT
*Newly Created Service* - CMDGUARD
*Newly Created Service* - CMDHLP
*Newly Created Service* - INSPECT



-- End of Deckard's System Scanner: finished at 2008-01-30 11:12:17 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1279.42 MiB / 633.28 MiB
Pagefile Memory (total/avail): 3053.62 MiB / 2415.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.39 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.63 GiB total, 46.8 GiB free.
D: is Fixed (FAT32) - 3.89 GiB total, 1.55 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 4D080H4 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 70.63 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 3.9 GiB - D:

\\.\PHYSICALDRIVE1 - Brother MFC-440CN USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirewallOverride is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\malikha nicole\\Local Settings\\Temp\\{C697D10C-160A-46F5-BE07-29DE933B562F}\\{4B5E17D7-C0CF-4CC3-8870-0181D622B93C}\\k_update.exe"="C:\\Documents and Settings\\malikha nicole\\Local Settings\\Temp\\{C697D10C-160A-46F5-BE07-29DE933B562F}\\{4B5E17D7-C0CF-4CC3-8870-0181D622B93C}\\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web."
"C:\\Documents and Settings\\malikha nicole\\Local Settings\\Temp\\{7753503C-F260-4421-861D-F111CD6C41BF}\\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\\k_update.exe"="C:\\Documents and Settings\\malikha nicole\\Local Settings\\Temp\\{7753503C-F260-4421-861D-F111CD6C41BF}\\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web."
"C:\\Documents and Settings\\malikha nicole\\My Documents\\downloads\\Trillian\\trillian.exe"="C:\\Documents and Settings\\malikha nicole\\My Documents\\downloads\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\malikha nicole\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MALIKHA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\malikha nicole
LOGONSERVER=\\MALIKHA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MALIKH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MALIKH~1\LOCALS~1\Temp
USERDOMAIN=MALIKHA
USERNAME=malikha nicole
USERPROFILE=C:\Documents and Settings\malikha nicole
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (new local, admin)
malikha nicole (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=f:\adobe creative suite 2.0/lang=0409
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Compaq Advisor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL
Compaq WinDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Easy Access Button Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93539D60-1817-11D1-9504-00805F26A89C}\setup.exe" -uninst
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hooked on Phonics Letter Names --> C:\WINDOWS\unvise32.exe C:\Program Files\Hooked on Phonics Learning\Hooked on Phonics Letter Names\uninstal.log
Hooked on Phonics Letter Sounds --> C:\WINDOWS\unvise32.exe C:\Program Files\Hooked on Phonics Learning\Hooked on Phonics Letter Sounds\uninstal.log
hp instant support --> C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 1.0 - HP Photosmart Printer Series --> MsiExec.exe /I{0D396571-7BBD-44CE-ABB3-518BF86B72F7}
InterVideo Installer --> "C:\Program Files\Compaq\Installer\IVIUninstaller.exe" "C:\Program Files\Compaq\Installer"
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Kensington Keyboard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B5E17D7-C0CF-4CC3-8870-0181D622B93C}\setup.exe" -l0x9 -u
Kensington MouseWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\setup.exe" -l0x9 -u
kernel --> "C:\Program Files\kernel\kernel.exe" -uninstall
LandlordMax 3.11e --> C:\Program Files\LandlordMax\uninstall.exe
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Legacy USB Camera Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MultipleIEs --> "C:\Program Files\MultipleIEs\unins000.exe"
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
PaperPort --> MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PE Photo --> C:\Program Files\PE Photo\uninst.exe
Photosmart 130,230,7150,7345,7350,7550 (Remove only) --> C:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Router --> C:\Program Files\Router\UnInstall.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shipping Assistant 3.2 --> MsiExec.exe /X{15C77FC3-8137-4A5E-8F81-F559045DD6B0}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX2 --> C:\Program Files\Analog Devices\SoundMAX 2\ADIOUT.BAT
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Trillian --> C:\Documents and Settings\malikha nicole\My Documents\downloads\Trillian\trillian.exe /uninstall
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}


-- Application Event Log -------------------------------------------------------

Event Record #/Type5987 / Warning
Event Submitted/Written: 01/30/2008 10:20:06 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type5986 / Warning
Event Submitted/Written: 01/30/2008 10:20:06 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type5985 / Warning
Event Submitted/Written: 01/30/2008 10:19:57 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type5984 / Warning
Event Submitted/Written: 01/30/2008 10:19:57 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type5983 / Warning
Event Submitted/Written: 01/30/2008 10:19:48 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12358 / Warning
Event Submitted/Written: 01/30/2008 11:00:19 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12357 / Warning
Event Submitted/Written: 01/30/2008 10:33:00 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12354 / Warning
Event Submitted/Written: 01/30/2008 10:19:21 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12337 / Error
Event Submitted/Written: 01/30/2008 10:18:46 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
i8042prt

Event Record #/Type12332 / Warning
Event Submitted/Written: 01/30/2008 09:59:57 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-01-30 11:12:17 ------------

#15 Baabiouz

Posted 01 February 2008 - 12:19 AM

Hi!

Step #1
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

Kernel

Please note any other programs that you don't recognize in that list in your next response.


Step #2
Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

__________________________________________________________

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xek30.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xek63.sys]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.


Step #3
Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

c:\windows\system32\drivers\xek30.sys
c:\windows\system32\drivers\xek63.sys
c:\windows\system32\drivers\nkv2.sys
C:\WINDOWS\Xek30.sys
C:\WINDOWS\bWFsaWtoYSBuaWNvbGU
C:\Program Files\Outerinfo
C:\WINDOWS\s?mbols
C:\Program Files\S?mantec
C:\Program Files\Temporary
C:\Program Files\kernel
C:\Program Files\.autoreg


Return to OTMoveIt, right click on the "Paste Standard List of Files/Folders to Move" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Step #4
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Step #5
Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Step #6
Please post a fresh HijackThis log, Kaspersky results and Gmer log back here :thumbsup:
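
An added example, not part of the post above and not code from any of the tools it names: a read-only audit of the Step #2 fix.reg text that lists the keys it deletes (a `[-KEY]` line removes that key and its subkeys) and any other line it contains, then checks that each driver name removed from SafeBoot, where entries name what may load in Safe Mode, also has a file in the Step #3 list. The function names `audit_reg` and `safeboot_targets` are hypothetical; the .reg text and path list are copied from the post.

```python
import ntpath
import re

# Contents of fix.reg (Step #2) and the OTMoveIt list (Step #3), copied from the post.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xek30.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xek63.sys]
"""
MOVE_LIST = r"""c:\windows\system32\drivers\xek30.sys
c:\windows\system32\drivers\xek63.sys
c:\windows\system32\drivers\nkv2.sys
C:\WINDOWS\Xek30.sys
C:\WINDOWS\bWFsaWtoYSBuaWNvbGU
C:\Program Files\Outerinfo
C:\WINDOWS\s?mbols
C:\Program Files\S?mantec
C:\Program Files\Temporary
C:\Program Files\kernel
C:\Program Files\.autoreg
"""
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SAFEBOOT = "hkey_local_machine\\system\\currentcontrolset\\control\\safeboot\\"
KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")

def audit_reg(text):
    """Return (deleted_keys, other_lines): what a .reg file removes, and every other line in it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and not ln.strip().startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header")
    deleted, other = [], []
    for ln in lines[1:]:
        m = KEY_LINE.match(ln)
        if m and m.group(1):  # "[-KEY]": delete KEY
            deleted.append(m.group(2))
        else:  # a key that is opened or a value that is set: review by hand
            other.append(ln)
    return deleted, other

def safeboot_targets(reg_text, move_list):
    """Map each driver name removed from SafeBoot to the listed paths with that file name."""
    deleted, _ = audit_reg(reg_text)
    paths = [p.strip() for p in move_list.splitlines() if p.strip()]
    found = {}
    for key in deleted:
        if key.lower().startswith(SAFEBOOT):
            name = key.rsplit("\\", 1)[1].lower()
            found[name] = [p for p in paths if ntpath.basename(p).lower() == name]
    return found
```

An empty `other_lines` list means the file only deletes keys; an empty path list for a driver name means the Safe Mode entry would be removed while no file of that name is listed for removal.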