Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winfixer.. I Think. And Lots Of Others Apparently


  • This topic is locked This topic is locked
9 replies to this topic

#1 Spec

Spec

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 04 February 2006 - 03:21 AM

here it is:

Logfile of HijackThis v1.99.1
Scan saved at 3:05:45 AM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Common Files\AOL\1134792741\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Netscape\NETSCA~1\netscape.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\awvtt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ipbynth] C:\WINDOWS\System32\ipbynth.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134792741\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?cbebb6079d640d7baa1ff1796147e71
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?cbebb6079d640d7baa1ff1796147e71
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

BC AdBot (Login to Remove)

 


m

#2 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:27 AM

Posted 04 February 2006 - 08:53 AM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 Spec

Spec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 04 February 2006 - 09:14 AM

VundoFix V4.2.16
Scan started at 9:04:37 AM 2/4/2006

Listing files found while scanning....

C:\WINDOWS\System32\awvtt.dll
C:\WINDOWS\System32\ttvwa.ini
C:\WINDOWS\System32\ttvwa.bak1
C:\WINDOWS\System32\ttvwa.bak2

C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\awvtt.dll
Attempting to delete C:\WINDOWS\System32\awvtt.dll
C:\WINDOWS\System32\awvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\ttvwa.ini
C:\WINDOWS\System32\ttvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\ttvwa.bak1
C:\WINDOWS\System32\ttvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\ttvwa.bak2
C:\WINDOWS\System32\ttvwa.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 9:12:24 AM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Common Files\AOL\1134792741\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ipbynth] C:\WINDOWS\System32\ipbynth.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134792741\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?cbebb6079d640d7baa1ff1796147e71
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?cbebb6079d640d7baa1ff1796147e71
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:27 AM

Posted 04 February 2006 - 09:16 AM

Click here to download ewido anti-malware - it is a trial version of the program.
  • Install ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. Then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#5 Spec

Spec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 04 February 2006 - 11:29 AM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:19:27 AM, 2/4/2006
+ Report-Checksum: F34C0F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.466:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Melissa Changcoco\Application Data\Netscape\NSB\Profiles\ex2a2rve.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@247realmedia[2].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@3.adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@bannerfarm.ace.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@counter.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@data.coremetrics[2].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@data2.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@data3.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@e-2dj6wfl4omdzcgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@e-2dj6wgkoqmdpslo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@e-2dj6wjmiqiazegp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-airtran.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-ati.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-fandango.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-hollywood.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-inforspaceinc.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-oreilly.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-samsungusa.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-theviptour.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-uniontrib.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg-warnerbrothers.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@microsofteup.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@microsoftwga.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@perf.overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@sexlist[2].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@techrepublic.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@test.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@torstardigital.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@tribuneinteractive.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@www.directnetadvertising[1].txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Cookies\melissa changcoco@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\installer_MARKETING35.exe -> Downloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Local Settings\Temp\Cookies\melissa changcoco@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Local Settings\Temp\Cookies\melissa changcoco@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Local Settings\Temp\Cookies\melissa changcoco@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Melissa Changcoco\Local Settings\Temp\i45.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\04D92B72-B82F-4548-8D0C-452A93\860E4974-55E4-403E-9950-C95A9E -> Spyware.ImiBar : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\TMP_FILE_1.tmp -> Trojan.Imiserv.c : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 11:20:53 AM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Common Files\AOL\1134792741\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ipbynth] C:\WINDOWS\System32\ipbynth.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134792741\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?cbebb6079d640d7baa1ff1796147e71
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?cbebb6079d640d7baa1ff1796147e71
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:27 AM

Posted 04 February 2006 - 02:33 PM

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ipbynth] C:\WINDOWS\System32\ipbynth.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab


Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#7 Spec

Spec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 04 February 2006 - 04:34 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:32:36 PM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1134792741\ee\AOLSoftware.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Opera\Opera.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134792741\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?cbebb6079d640d7baa1ff1796147e71
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?cbebb6079d640d7baa1ff1796147e71
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:27 AM

Posted 04 February 2006 - 04:45 PM

Looks better - how is it now?
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#9 Spec

Spec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 05 February 2006 - 01:12 AM

Its FANTASTIC!! Thanks for all your help. It is greatly appreciated.

#10 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:27 AM

Posted 05 February 2006 - 06:22 AM

You're welcome - glad to help :thumbsup:

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users