
Malware Displaying Cid Ads In Ie 7


  • This topic is locked
10 replies to this topic

#1 K.O

K.O

  • Members
  • 38 posts
  • Gender:Male
  • Location:Australia
  • Local time:07:01 AM

Posted 21 January 2008 - 09:06 PM

I have a malware that displays ads in IE 7. This happens even if I don't use I have run scans in Adaware, Spybot S & D and Norton Antivirus 2008, Housecall. But all of them don't fix my problem.

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:03 PM, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro Ann\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: (null) integard
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [System Files Updater] "C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" /S
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro Ann\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tick tool] C:\DOCUME~1\Ann\APPLIC~1\TRAYBA~1\support debug else.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8235 bytes
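
Added example, not part of the original thread or any poster's code: a small Python parser for the HijackThis log format shown above. It groups entries by section code and applies two triage heuristics that are assumptions of this example, not the helper's diagnosis: BHO entries whose file is reported missing, and Run entries that launch from an Application Data folder. The sample lines are copied from the log in this post.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tick tool] C:\DOCUME~1\Ann\APPLIC~1\TRAYBA~1\support debug else.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O2 body: "BHO: <name> - {CLSID} - <file or (no file)>".
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$"
)
# O4 body: "<hive>\..\Run: [<value name>] <command line>".
RUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Assumption of this example: long and 8.3 short forms of the XP folder name.
APPDATA_MARKERS = ("\\application data\\", "\\applic~1\\")


def parse_entries(text):
    """Yield (section, body) per entry line; header and process lines are skipped."""
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def group_by_section(text):
    """Return {section code: [entry bodies]} in log order."""
    grouped = defaultdict(list)
    for section, body in parse_entries(text):
        grouped[section].append(body)
    return dict(grouped)


def triage(text):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for section, body in parse_entries(text):
        if section == "O2":
            match = BHO_RE.match(body)
            # HijackThis prints "(no file)" when the registered DLL is not on disk.
            if match and match.group("file") == "(no file)":
                findings.append(
                    (section, "BHO registered but file missing", match.group("clsid"))
                )
        elif section == "O4":
            match = RUN_RE.match(body)
            if match and any(
                marker in match.group("cmd").lower() for marker in APPDATA_MARKERS
            ):
                findings.append(
                    (section, "autorun launches from Application Data", match.group("name"))
                )
    return findings


if __name__ == "__main__":
    for section, bodies in group_by_section(SAMPLE_LOG).items():
        print(f"{section}: {len(bodies)} entries")
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged entry is only a prompt for manual review; legitimate software also leaves orphaned BHO keys and starts from profile folders.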



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:31 PM

Posted 21 January 2008 - 09:18 PM

Hello K.O,

Welcome to Bleeping Computer :thumbsup:

Uninstall the following via Add/Remove Programs, if present :

CiD Help
Download Plugin for Internet Explorer
Zone Media
Netpumper


If, during the uninstall, you are asked for the uninstall verification, please enter the numbers that appear in the window.

Then reboot. Important!

* Download Deljob.exe and save it to your desktop.
Doubleclick Deljob.exe.

A log (logit.txt) should open afterwards. This log will be present on your desktop.
Post the contents of the logfile in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 K.O


Posted 21 January 2008 - 09:48 PM

Here are the new logs.

Deljob log:
--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

LiveUpdate.job
Norton AntiVirus - Run Full System Scan - Ann.job
Spybot - Search & Destroy - Scheduled Task.job
System Restore.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is B43D-5E4E

Directory of C:\Documents and Settings\Ann\Application Data

22/01/2008 10:39 AM <DIR> .
22/01/2008 10:39 AM <DIR> ..
30/11/2007 01:34 PM <DIR> Ahead
29/10/2007 02:55 AM <DIR> APPLEC~1 Apple Computer
17/11/2007 05:20 PM <DIR> BITTYR~1 BitTyrant
15/10/2007 06:06 AM <DIR> Brother
18/12/2007 02:31 PM <DIR> Comodo
11/10/2007 07:06 AM <DIR> DivX
27/11/2007 07:42 AM <DIR> dvdcss
17/10/2007 02:10 PM <DIR> GETRIG~1 GetRightToGo
03/01/2008 08:16 AM <DIR> Hamachi
11/10/2007 06:42 AM <DIR> IDENTI~1 Identities
23/10/2007 02:49 PM <DIR> iPodder
17/01/2008 09:56 PM <DIR> LimeWire
26/10/2007 10:21 AM <DIR> MACROM~1 Macromedia
15/01/2008 12:17 PM <DIR> MICROS~1 Microsoft
07/12/2007 12:06 PM <DIR> mIRC
11/10/2007 07:38 AM <DIR> Mozilla
04/11/2007 03:46 PM <DIR> NJStar
25/12/2007 03:57 AM <DIR> Orbit
31/10/2007 04:04 PM <DIR> PCTOOL~1 PCToolsFirewallPlus
13/10/2007 02:58 PM <DIR> QQ
13/10/2007 02:58 PM <DIR> QQUpdate
12/10/2007 10:33 AM <DIR> Real
13/01/2008 09:33 PM <DIR> Styler
16/10/2007 02:24 PM <DIR> Sun
19/11/2007 06:31 AM <DIR> SYSTEM~1 SystemRequirementsLab
12/10/2007 07:24 AM <DIR> Tencent
18/12/2007 12:16 PM <DIR> TRAYBA~1 Traybarblite
15/01/2008 11:14 AM <DIR> ViStart
16/10/2007 12:01 PM <DIR> vlc
12/10/2007 10:16 AM <DIR> WinRAR
0 File(s) 0 bytes
32 Dir(s) 11,168,751,616 bytes free
Volume in drive C has no label.
Volume Serial Number is B43D-5E4E

Directory of C:\Documents and Settings\All Users\Application Data

22/01/2008 11:31 AM <DIR> .
22/01/2008 11:31 AM <DIR> ..
29/10/2007 02:53 AM <DIR> APPLEC~1 Apple Computer
20/10/2007 11:50 AM <DIR> billeo
06/10/2007 04:22 AM <DIR> Brother
18/12/2007 02:20 PM <DIR> Comodo
19/01/2008 05:35 PM <DIR> GetRight
06/10/2007 04:23 AM <DIR> INSTAL~1 InstallShield
06/10/2007 03:59 AM <DIR> Lavasoft
07/10/2007 08:33 AM <DIR> MACROM~1 Macromedia
06/10/2007 03:49 AM <DIR> MAILFR~1 MailFrontier
20/01/2008 11:45 PM <DIR> MESSEN~1 Messenger Plus!
15/01/2008 12:02 PM <DIR> MICROS~1 Microsoft
04/12/2007 01:47 PM <DIR> MICROS~2 Microsoft Help
05/10/2007 03:36 AM <DIR> Nero
06/10/2007 06:12 AM <DIR> OFFICE~1 Office Genuine Advantage
18/12/2007 12:13 PM <DIR> OPENAN~1 Open Ante Anti Dog
29/11/2007 03:48 PM <DIR> PCTOOL~1 PC Tools
07/10/2007 08:27 AM <DIR> QUICKT~1 QuickTime
06/10/2007 04:17 AM <DIR> Real
06/10/2007 04:06 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
12/10/2007 07:23 AM <DIR> SRSLAB~1 SRS Labs
08/01/2008 08:39 AM <DIR> Symantec
18/12/2007 02:16 PM <DIR> TEMP
09/10/2007 10:52 AM <DIR> WINDOW~2 Windows Genuine Advantage
06/10/2007 03:22 PM <DIR> WINDOW~1 Windows Live Toolbar
0 File(s) 0 bytes
26 Dir(s) 11,168,747,520 bytes free
--------------------------------------------------------

HijackThis Log:
--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

LiveUpdate.job
Norton AntiVirus - Run Full System Scan - Ann.job
Spybot - Search & Destroy - Scheduled Task.job
System Restore.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is B43D-5E4E

Directory of C:\Documents and Settings\Ann\Application Data

22/01/2008 10:39 AM <DIR> .
22/01/2008 10:39 AM <DIR> ..
30/11/2007 01:34 PM <DIR> Ahead
29/10/2007 02:55 AM <DIR> APPLEC~1 Apple Computer
17/11/2007 05:20 PM <DIR> BITTYR~1 BitTyrant
15/10/2007 06:06 AM <DIR> Brother
18/12/2007 02:31 PM <DIR> Comodo
11/10/2007 07:06 AM <DIR> DivX
27/11/2007 07:42 AM <DIR> dvdcss
17/10/2007 02:10 PM <DIR> GETRIG~1 GetRightToGo
03/01/2008 08:16 AM <DIR> Hamachi
11/10/2007 06:42 AM <DIR> IDENTI~1 Identities
23/10/2007 02:49 PM <DIR> iPodder
17/01/2008 09:56 PM <DIR> LimeWire
26/10/2007 10:21 AM <DIR> MACROM~1 Macromedia
15/01/2008 12:17 PM <DIR> MICROS~1 Microsoft
07/12/2007 12:06 PM <DIR> mIRC
11/10/2007 07:38 AM <DIR> Mozilla
04/11/2007 03:46 PM <DIR> NJStar
25/12/2007 03:57 AM <DIR> Orbit
31/10/2007 04:04 PM <DIR> PCTOOL~1 PCToolsFirewallPlus
13/10/2007 02:58 PM <DIR> QQ
13/10/2007 02:58 PM <DIR> QQUpdate
12/10/2007 10:33 AM <DIR> Real
13/01/2008 09:33 PM <DIR> Styler
16/10/2007 02:24 PM <DIR> Sun
19/11/2007 06:31 AM <DIR> SYSTEM~1 SystemRequirementsLab
12/10/2007 07:24 AM <DIR> Tencent
18/12/2007 12:16 PM <DIR> TRAYBA~1 Traybarblite
15/01/2008 11:14 AM <DIR> ViStart
16/10/2007 12:01 PM <DIR> vlc
12/10/2007 10:16 AM <DIR> WinRAR
0 File(s) 0 bytes
32 Dir(s) 11,168,751,616 bytes free
Volume in drive C has no label.
Volume Serial Number is B43D-5E4E

Directory of C:\Documents and Settings\All Users\Application Data

22/01/2008 11:31 AM <DIR> .
22/01/2008 11:31 AM <DIR> ..
29/10/2007 02:53 AM <DIR> APPLEC~1 Apple Computer
20/10/2007 11:50 AM <DIR> billeo
06/10/2007 04:22 AM <DIR> Brother
18/12/2007 02:20 PM <DIR> Comodo
19/01/2008 05:35 PM <DIR> GetRight
06/10/2007 04:23 AM <DIR> INSTAL~1 InstallShield
06/10/2007 03:59 AM <DIR> Lavasoft
07/10/2007 08:33 AM <DIR> MACROM~1 Macromedia
06/10/2007 03:49 AM <DIR> MAILFR~1 MailFrontier
20/01/2008 11:45 PM <DIR> MESSEN~1 Messenger Plus!
15/01/2008 12:02 PM <DIR> MICROS~1 Microsoft
04/12/2007 01:47 PM <DIR> MICROS~2 Microsoft Help
05/10/2007 03:36 AM <DIR> Nero
06/10/2007 06:12 AM <DIR> OFFICE~1 Office Genuine Advantage
18/12/2007 12:13 PM <DIR> OPENAN~1 Open Ante Anti Dog
29/11/2007 03:48 PM <DIR> PCTOOL~1 PC Tools
07/10/2007 08:27 AM <DIR> QUICKT~1 QuickTime
06/10/2007 04:17 AM <DIR> Real
06/10/2007 04:06 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
12/10/2007 07:23 AM <DIR> SRSLAB~1 SRS Labs
08/01/2008 08:39 AM <DIR> Symantec
18/12/2007 02:16 PM <DIR> TEMP
09/10/2007 10:52 AM <DIR> WINDOW~2 Windows Genuine Advantage
06/10/2007 03:22 PM <DIR> WINDOW~1 Windows Live Toolbar
0 File(s) 0 bytes
26 Dir(s) 11,168,747,520 bytes free
--------------------------------------------------------

#4 teacup61


Posted 21 January 2008 - 09:57 PM

Hello,

You didn't include a HijackThis log. Could you post a new one please?? :thumbsup:

Thanks,
tea

#5 K.O


Posted 22 January 2008 - 04:41 AM

Oops, my bad. I'll repost them. :thumbsup:

Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:45 PM, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro Ann\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: (null) integard
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro Ann\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tick tool] C:\DOCUME~1\Ann\APPLIC~1\TRAYBA~1\support debug else.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8211 bytes

deljob:
--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

LiveUpdate.job
Norton AntiVirus - Run Full System Scan - Ann.job
Spybot - Search & Destroy - Scheduled Task.job
System Restore.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is B43D-5E4E

Directory of C:\Documents and Settings\Ann\Application Data

22/01/2008 10:39 AM <DIR> .
22/01/2008 10:39 AM <DIR> ..
30/11/2007 01:34 PM <DIR> Ahead
29/10/2007 02:55 AM <DIR> APPLEC~1 Apple Computer
17/11/2007 05:20 PM <DIR> BITTYR~1 BitTyrant
15/10/2007 06:06 AM <DIR> Brother
18/12/2007 02:31 PM <DIR> Comodo
11/10/2007 07:06 AM <DIR> DivX
27/11/2007 07:42 AM <DIR> dvdcss
17/10/2007 02:10 PM <DIR> GETRIG~1 GetRightToGo
03/01/2008 08:16 AM <DIR> Hamachi
11/10/2007 06:42 AM <DIR> IDENTI~1 Identities
23/10/2007 02:49 PM <DIR> iPodder
17/01/2008 09:56 PM <DIR> LimeWire
26/10/2007 10:21 AM <DIR> MACROM~1 Macromedia
15/01/2008 12:17 PM <DIR> MICROS~1 Microsoft
07/12/2007 12:06 PM <DIR> mIRC
11/10/2007 07:38 AM <DIR> Mozilla
04/11/2007 03:46 PM <DIR> NJStar
25/12/2007 03:57 AM <DIR> Orbit
31/10/2007 04:04 PM <DIR> PCTOOL~1 PCToolsFirewallPlus
13/10/2007 02:58 PM <DIR> QQ
13/10/2007 02:58 PM <DIR> QQUpdate
12/10/2007 10:33 AM <DIR> Real
13/01/2008 09:33 PM <DIR> Styler
16/10/2007 02:24 PM <DIR> Sun
19/11/2007 06:31 AM <DIR> SYSTEM~1 SystemRequirementsLab
12/10/2007 07:24 AM <DIR> Tencent
18/12/2007 12:16 PM <DIR> TRAYBA~1 Traybarblite
15/01/2008 11:14 AM <DIR> ViStart
16/10/2007 12:01 PM <DIR> vlc
12/10/2007 10:16 AM <DIR> WinRAR
0 File(s) 0 bytes
32 Dir(s) 11,150,475,264 bytes free
Volume in drive C has no label.
Volume Serial Number is B43D-5E4E

Directory of C:\Documents and Settings\All Users\Application Data

22/01/2008 11:31 AM <DIR> .
22/01/2008 11:31 AM <DIR> ..
29/10/2007 02:53 AM <DIR> APPLEC~1 Apple Computer
20/10/2007 11:50 AM <DIR> billeo
06/10/2007 04:22 AM <DIR> Brother
18/12/2007 02:20 PM <DIR> Comodo
19/01/2008 05:35 PM <DIR> GetRight
06/10/2007 04:23 AM <DIR> INSTAL~1 InstallShield
06/10/2007 03:59 AM <DIR> Lavasoft
07/10/2007 08:33 AM <DIR> MACROM~1 Macromedia
06/10/2007 03:49 AM <DIR> MAILFR~1 MailFrontier
20/01/2008 11:45 PM <DIR> MESSEN~1 Messenger Plus!
15/01/2008 12:02 PM <DIR> MICROS~1 Microsoft
04/12/2007 01:47 PM <DIR> MICROS~2 Microsoft Help
05/10/2007 03:36 AM <DIR> Nero
06/10/2007 06:12 AM <DIR> OFFICE~1 Office Genuine Advantage
18/12/2007 12:13 PM <DIR> OPENAN~1 Open Ante Anti Dog
29/11/2007 03:48 PM <DIR> PCTOOL~1 PC Tools
07/10/2007 08:27 AM <DIR> QUICKT~1 QuickTime
06/10/2007 04:17 AM <DIR> Real
06/10/2007 04:06 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
12/10/2007 07:23 AM <DIR> SRSLAB~1 SRS Labs
08/01/2008 08:39 AM <DIR> Symantec
18/12/2007 02:16 PM <DIR> TEMP
09/10/2007 10:52 AM <DIR> WINDOW~2 Windows Genuine Advantage
06/10/2007 03:22 PM <DIR> WINDOW~1 Windows Live Toolbar
0 File(s) 0 bytes
26 Dir(s) 11,150,471,168 bytes free
--------------------------------------------------------

#6 teacup61


Posted 22 January 2008 - 12:31 PM

Hello,

Thank you for that. :thumbsup:

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the "Settings" screen:
    • Click on "Recommended actions" -> select "Quarantine".
    • Under "Reports:" -> select "Do not automatically generate reports".
  • Close AVG Anti-Spyware. Please do NOT run a scan yet!
Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Navigate to and delete this folder :

C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog

Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select the "Apply all actions" button. AVG Anti-Spyware will then display "All actions have been applied" on the right-hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
Thanks,
tea

#7 K.O


Posted 22 January 2008 - 08:18 PM

Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:48 AM, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro Ann\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: (null) integard
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro Ann\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tick tool] C:\DOCUME~1\Ann\APPLIC~1\TRAYBA~1\support debug else.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8405 bytes

AVG scan log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:32:33 AM 23/01/2008

+ Scan result:



:mozilla.114:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.207:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.219:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.290:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.301:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.383:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.527:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.639:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.803:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ann\Cookies\ann@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Truong\Cookies\truong@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Truong\Cookies\truong@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Truong\Cookies\truong@msnportal.112.2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.576:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.577:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.154:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.155:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.156:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.157:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.160:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.161:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.162:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.163:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.164:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.165:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.166:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.167:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.363:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.364:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.173:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.174:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.208:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.209:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.210:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.211:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.393:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.394:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.165:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.166:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.167:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.171:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.172:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.173:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.174:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.234:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.39:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.67:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.15:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Ann\Cookies\ann@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Truong\Cookies\truong@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.169:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.170:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.68:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.625:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.243:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.244:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.530:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.40:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.546:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.186:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.187:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.188:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.189:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.190:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.191:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.65:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.86:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.251:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.254:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.489:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.562:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.589:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.594:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.595:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.442:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.443:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.444:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.445:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.446:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.280:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.281:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.720:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.10:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.12:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.152:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.153:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.814:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.70:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Truong\Cookies\truong@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Truong\Cookies\truong@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Truong\Cookies\truong@mediaplex[3].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.468:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.469:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.7:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.250:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.251:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.252:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.59:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.634:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.123:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.124:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.125:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.127:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.128:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.130:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.131:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.179:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.180:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.147:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.65:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.66:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.67:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.68:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.69:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.468:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.291:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.56:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.57:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.58:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.59:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.93:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.94:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.416:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.418:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.243:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.244:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.245:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.246:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.247:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.248:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.249:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.26:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.566:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.567:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.568:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.73:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.82:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.83:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.84:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.85:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.382:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.384:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.385:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.386:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.387:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.64:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.214:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.215:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.216:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.217:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Ann\Cookies\ann@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.287:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\tck4icc3.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.74:C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\cx2i2t5m.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Ann\Cookies\ann@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Truong\Cookies\truong@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.152:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.153:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.154:C:\Documents and Settings\Truong\Application Data\Mozilla\Firefox\Profiles\pys49irp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:31 PM

Posted 22 January 2008 - 08:43 PM

Hello,

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u4.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro Ann\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O20 - AppInit_DLLs:


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

In your reply, please post a new HijackThis log and let me know how your computer is running now. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
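
The fix list in the post above includes BHO lines whose file is reported as "(no file)" and lines with nothing after the "=" or ":". As an added example (not part of the original post and not HijackThis's own code), this parser splits HijackThis log lines into section code, CLSID and body and flags only those two patterns; the sample lines are copied from this thread, and the flag names are made up for the example.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample lines copied from the logs and the fix list in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro Ann\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O20 - AppInit_DLLs:
"""


def parse_entry(line):
    """Return a dict for one log entry, or None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    flags = []
    # Registered component whose target file HijackThis could not find.
    if body.endswith("(no file)"):
        flags.append("missing-file")
    # Registry value or list that is present but empty.
    if body.endswith(("=", ":")):
        flags.append("empty-value")
    return {
        "code": m.group("code"),
        "clsid": clsid.group(0) if clsid else None,
        "body": body,
        "flags": flags,
    }


def triage(log_text):
    """Return only the entries that carry at least one flag, in log order."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["flags"]]


if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit["code"], ",".join(hit["flags"]), hit["clsid"] or "-", sep="\t")
```

The O4 and O8 entries from the fix list are parsed but not flagged, since neither pattern applies to them.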

#9 K.O


Posted 23 January 2008 - 01:57 AM

The ads have stopped.

HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:58 PM, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: (null) integard
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tick tool] C:\DOCUME~1\Ann\APPLIC~1\TRAYBA~1\support debug else.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7981 bytes

#10 teacup61


Posted 23 January 2008 - 02:17 AM

Hello,

Looks good. :wacko: I do believe we're done. :blink:

You have some really good protection in place, so you get spared "The Speech". :thumbsup:

http://mvps.org/winhelp2002/unwanted.htm

Take care!
tea

#11 teacup61


Posted 31 January 2008 - 10:29 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



