

Infected With Trojan-spy.win32@mx


  • This topic is locked
15 replies to this topic

#1 youngblood

youngblood

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 10 November 2006 - 07:07 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:55:01, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QualityCodec\isamonitor.exe
C:\Program Files\QualityCodec\pmsngr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\QualityCodec\pmmon.exe
C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QualityCodec\isamini.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\~DP281.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CEngine Object - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe" "ZyXEL\USB ADSL"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Bore type] C:\DOCUME~1\YOUNGB~1\APPLIC~1\PLUSGL~1\Jugs jump.exe
O4 - HKCU\..\Run: [win-xp] winis.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
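A worked triage of the log above, added here as an example; it is not part of the original post and not a HijackThis feature. The script parses HijackThis O2 (BHO), O4 (registry autorun) and O23 (service) lines and flags the structural tells a helper looks for first: an image given as a bare filename with no path (winis.exe), an image under the user profile's Temp or Application Data directories, an entry whose file is already missing, the Windows 9x-only RunServices key, and one image registered in several autorun locations at once. The sample lines are copied from the log; the rules and their wording are mine. A flag is a prompt for a closer look, not a verdict: a legitimate installer leftover can trip the same rule as a dropper, and an entry that passes every structural check (the QualityCodec BHO under Program Files, for instance) still needs a name or hash lookup.

```python
import re
import sys
from collections import Counter

# Constructed input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\~DP281.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\Run: [Bore type] C:\DOCUME~1\YOUNGB~1\APPLIC~1\PLUSGL~1\Jugs jump.exe
O4 - HKCU\..\Run: [win-xp] winis.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Line shapes as HijackThis 1.99 prints them (Startup-folder O4 lines are not handled here).
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<cmd>.*)$")
# First executable/DLL token of a command line, surrounding quotes and arguments dropped.
IMAGE_RE = re.compile(r'^"?(?P<image>.+?\.(?:exe|dll|cpl|sys|scr))\b', re.IGNORECASE)
# Directories under a user profile that any unprivileged process can write to.
USER_DIR_RE = re.compile(r"\\(?:temp|locals~1|local settings|applic~1|application data)\\", re.IGNORECASE)
# Where service binaries normally live; anything else gets a second look.
SERVICE_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse(log_text):
    """Yield (kind, fields) for each O2/O4/O23 line; every other line is skipped."""
    for line in log_text.strip().splitlines():
        for kind, rx in (("O4", O4_RE), ("O2", O2_RE), ("O23", O23_RE)):
            m = rx.match(line)
            if m:
                fields = m.groupdict()
                im = IMAGE_RE.match(fields["cmd"])
                fields["image"] = im.group("image") if im else fields["cmd"]
                fields["line"] = line
                yield kind, fields
                break


def reasons_for(kind, fields, autorun_counts):
    """Structural indicators for one entry; an empty list means nothing stood out."""
    image = fields["image"]
    key = image.lower()
    reasons = []
    if "\\" not in image:
        reasons.append("bare filename: the loader resolves it through the search path, "
                       "so the log does not even say where the file lives")
    if USER_DIR_RE.search(image):
        reasons.append("image lives in a user-writable profile directory (Temp/Application Data)")
    if "(file missing)" in fields["cmd"]:
        reasons.append("dangling registration: the file is gone, often the trace of a partial removal")
    if kind == "O4" and fields["key"].lower().startswith("runservices"):
        reasons.append("RunServices is a Windows 9x/ME key that NT-based Windows does not process; "
                       "a legitimate XP installer has no reason to write it")
    if kind == "O4" and autorun_counts[key] >= 3:
        reasons.append(f"same image registered in {autorun_counts[key]} autorun locations")
    if kind == "O23" and not key.startswith(SERVICE_DIRS):
        reasons.append("service image outside the usual Windows/Program Files directories "
                       "(services usually run as LocalSystem, so this matters more than a Run entry)")
    return reasons


def triage(log_text):
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    entries = list(parse(log_text))
    autorun_counts = Counter(f["image"].lower() for kind, f in entries if kind == "O4")
    findings = []
    for kind, fields in entries:
        reasons = reasons_for(kind, fields, autorun_counts)
        if reasons:
            findings.append({"kind": kind, "image": fields["image"],
                             "line": fields["line"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Pipe a full HijackThis log on stdin, or run with no input to triage the sample lines.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for f in triage(text):
        print(f["line"])
        for r in f["reasons"]:
            print("    -", r)
```

On the sample lines this flags the four winis.exe entries, the "Jugs jump.exe" entry under Application Data, the missing ~DP281.dll BHO in Temp, and the hpdj service running from Temp, and leaves the AVG, QuickTime, Adobe, Spybot and NVIDIA entries alone. Two things to know before pointing it at a whole log: entries hosted by rundll32.exe or regsvr32.exe (such as the NvCplDaemon line) are reported as bare filenames by design, so look at the DLL in the argument rather than the host; and the "several autorun locations" rule counts only registry O4 lines, not the Startup folder entries.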


#2 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  • Location:Finland
  • Local time:08:56 AM

Posted 10 November 2006 - 07:28 AM

Hello,
My name is Kairis and I will be assisting you with your malware issues.
  • Whatever repairs we make are for fixing your computer's problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or get stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it for reference.
Please follow my steps in the right order...

We'll start with this:
Step1:
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Step2:
Please download ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step3:
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file.
Make sure that AVG Anti-Spyware is closed before installing the update.

Step4:
Please download ComboFix to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important note: do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Step5:
In your next reply, please include the following logs: AVG Anti-Spyware log, fresh HijackThis log, ComboFix log and SmitfraudFix report. Thanks.

Edited by kairis, 10 November 2006 - 07:38 AM.


#3 youngblood

youngblood
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 10 November 2006 - 05:50 PM

Hey Kairis, thank you for your help. Here are the reports.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:39:42 10/11/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} -> Adware.Generic : Ignored.
HKU\S-1-5-21-1190878773-2167018285-4179721234-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Ignored.
HKU\S-1-5-21-1190878773-2167018285-4179721234-1006\Software\Internet Security -> Adware.IntCodec : Ignored.
C:\Program Files\NewDotNet -> Adware.NewDotNet : Ignored.
C:\Program Files\NewDotNet\newdotnet7_22.dll_tobedeleted -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP454\A0062383.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP454\A0062384.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP454\A0062385.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP472\A0073664.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0086966.dll -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0085882.exe -> Adware.Pesttrap : Ignored.
C:\WINDOWS\system32\PDF4634.dll -> Adware.SafeGuard : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0085880.dll -> Adware.SearchAssistant : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0085881.dll -> Adware.SearchAssistant : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0085883.exe -> Adware.Spysheriff : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066815.sys -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066816.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066817.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066818.ini -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066819.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066820.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066822.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066823.cpl -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066824.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066826.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066827.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066828.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066829.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066830.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066831.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066832.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066835.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066836.sys -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP469\A0067601.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP469\A0067602.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP469\A0067603.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP469\A0067604.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP470\A0069777.dll -> Adware.WinAntiVirus : Ignored.
HKU\S-1-5-21-1190878773-2167018285-4179721234-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Ignored.
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Ignored.
:mozilla.304:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.247realmedia : Ignored.
:mozilla.190:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.35:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.36:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.37:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.38:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.41:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.281:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.282:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.283:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.293:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.649:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Youngblood\Cookies\youngblood@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.360:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.361:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.362:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.794:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.795:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.796:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.343:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.344:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.31:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.32:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.33:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.34:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.45:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adviva : Ignored.
:mozilla.25:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.278:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.279:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.280:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.412:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickhype : Ignored.
:mozilla.740:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickhype : Ignored.
C:\Documents and Settings\Youngblood\Cookies\youngblood@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Ignored.
:mozilla.142:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.143:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.144:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.145:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.251:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.253:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.425:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.426:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.427:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.428:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.429:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.430:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.431:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.432:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.433:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.434:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.
:mozilla.417:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Com : Ignored.
C:\Documents and Settings\Youngblood\Cookies\youngblood@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignored.
:mozilla.298:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Cqcounter : Ignored.
:mozilla.8:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Youngblood\Cookies\youngblood@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.
:mozilla.28:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.29:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.30:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\Youngblood\Cookies\youngblood@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.129:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.130:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.134:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.135:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.545:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Komtrack : Ignored.


::Report end

Youngblood - 06-11-10 22:41:37.29 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Youngblood\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


2006-11-10 20:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-10 20:32 4,428 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-10 20:31 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-10 20:31 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-10 20:31 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-10 20:31 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-25 14:03 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-25 14:03 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-25 14:03 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-25 14:03 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-25 14:03 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-10-19 15:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-10-19 15:29 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-10-19 15:29 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-10 22:40 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-10 22:08 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\Skype
2006-11-10 21:08 -------- d-------- C:\Program Files\Morpheus
2006-11-10 21:00 -------- d-------- C:\Program Files\Hijackthis
2006-11-10 20:36 -------- d-------- C:\Program Files\Grisoft
2006-11-10 15:05 41170 --a------ C:\Documents and Settings\Youngblood\Application Data\wklnhst.dat
2006-11-10 11:49 -------- d-a------ C:\Program Files\Common Files
2006-11-10 11:49 -------- d-------- C:\Program Files\PCPitstop
2006-11-10 11:49 -------- d-------- C:\Program Files\Common Files\Scanner
2006-11-10 10:18 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\AVG7
2006-11-09 14:37 -------- d-------- C:\Program Files\AntiVerminsPro
2006-11-09 14:27 -------- d-a-s---- C:\Program Files\NewDotNet
2006-11-08 20:50 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\Google
2006-11-08 20:35 -------- d-------- C:\Program Files\QualityCodec
2006-11-03 14:53 -------- d-------- C:\Program Files\BitComet
2006-11-03 14:42 -------- d-------- C:\Program Files\BitLord
2006-10-31 17:07 -------- d-------- C:\Program Files\Picasa2
2006-10-25 15:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-25 14:02 -------- d---s---- C:\Documents and Settings\Youngblood\Application Data\Microsoft
2006-10-25 02:15 -------- d-------- C:\Program Files\Azureus
2006-10-24 21:47 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\Azureus
2006-10-18 02:12 -------- d-------- C:\Program Files\Google
2006-10-10 13:54 -------- d-------- C:\Program Files\PowerISO
2006-10-08 21:10 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\My Games
2006-10-08 21:02 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-08 20:59 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-08 20:52 -------- d-------- C:\Program Files\Firaxis Games
2006-10-07 16:29 107132 --a------ C:\WINDOWS\UninstallFirefox.exe
2006-10-05 21:07 -------- d-------- C:\Program Files\Warez P2P Client
2006-10-05 21:07 -------- d-------- C:\Program Files\LimeWire
2006-10-05 19:57 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-05 19:55 -------- d-------- C:\Program Files\MSN Messenger
2006-10-04 10:53 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\Morpheus
2006-10-03 21:26 -------- d-------- C:\Program Files\MorpheusBar
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Bore type"="C:\\DOCUME~1\\YOUNGB~1\\APPLIC~1\\PLUSGL~1\\Jugs jump.exe"
"win-xp"="winis.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"win-xp"="winis.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"EzButton"="C:\\Program Files\\EzButton\\EzButton.EXE"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"CpRmtKey"="\"C:\\Program Files\\TOSHIBA\\Toshiba Controls\\CpRmtKey.EXE\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.25.0\\gnotify.exe"
"win-xp"="winis.exe"
"CnxDslTaskBar"="\"C:\\Program Files\\ZyXEL\\USB ADSL\\CnxDslTb.exe\" \"ZyXEL\\USB ADSL\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.2\\THGuard.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SCDEmuApp.exe"="C:\\Program Files\\PowerISO\\SCDEmuApp.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"win-xp"="winis.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,62,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Program Files\\QualityCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Program Files\\QualityCodec\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A22D61B290A71296.job

Completion time: 06-11-10 22:43:38.35
C:\ComboFix.txt ... 06-11-10 22:43
C:\ComboFix2.txt ... 06-11-10 20:42

Logfile of HijackThis v1.99.1
Scan saved at 22:44:53, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QualityCodec\pmsngr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QualityCodec\pmmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\~DP281.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CEngine Object - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe" "ZyXEL\USB ADSL"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Progr

#4 kairis


  • Members
  • 327 posts
  • Location:Finland

Posted 11 November 2006 - 05:23 AM

Hi, please run SmitfraudFix...
===========================================================
First, we'll disable TrojanHunter Guard (it may hinder the cleaning process)
-> Disable TrojanHunter Guard by right clicking on the icon in your System Tray.
-> Make sure that the program, TrojanHunter itself, is also closed/not running.
===========================================================
Download NoLop.exe to your desktop from one of the following mirrors:

http://www.thespykiller.co.uk/forum/index....=tpmod;dl=get16

http://www.greyknight17.com/spy/NoLop.exe

  • Close any other programs you have running as this will require a reboot.
  • Double click NoLop.exe to run it.
  • Now click the button labeled 'Search and Destroy'.
  • When scanning is finished you will be prompted to reboot only if infected. Click OK.
  • Now click the 'Reboot' button. A message should pop up from NoLop. If not, double click the program again and it will finish.
Post the contents of C:\NoLop.log here.

If you receive the error 'mscomctl.ocx or one of its dependencies are not correctly registered', download the mscomctl.ocx file from http://www.boletrice.com/downloads/mscomctl.ocx into your system32 folder, then rerun NoLop.
===========================================================
In your next reply, please include the following logs: a fresh HijackThis log, the SmitfraudFix report and the NoLop report. Thanks.

Edited by kairis, 11 November 2006 - 06:01 AM.


#5 youngblood (Topic Starter)

Posted 11 November 2006 - 08:35 AM

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Youngblood
[11/11/2006]
[13:25:37]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A22D61B290A71296.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Hyperbar
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Toshiba
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Youngblood\Application Data\Adobe
C:\Documents and Settings\Youngblood\Application Data\Adobeum
C:\Documents and Settings\Youngblood\Application Data\Apple Computer
C:\Documents and Settings\Youngblood\Application Data\Avg7
C:\Documents and Settings\Youngblood\Application Data\Azureus
C:\Documents and Settings\Youngblood\Application Data\Drag'n Drop Cd+dvd
C:\Documents and Settings\Youngblood\Application Data\Google
C:\Documents and Settings\Youngblood\Application Data\Hyperbar
C:\Documents and Settings\Youngblood\Application Data\Identities
C:\Documents and Settings\Youngblood\Application Data\Intervideo
C:\Documents and Settings\Youngblood\Application Data\Lavasoft
C:\Documents and Settings\Youngblood\Application Data\Macromedia
C:\Documents and Settings\Youngblood\Application Data\Microsoft
C:\Documents and Settings\Youngblood\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Youngblood\Application Data\Morpheus
C:\Documents and Settings\Youngblood\Application Data\Mozilla
C:\Documents and Settings\Youngblood\Application Data\Msn6
C:\Documents and Settings\Youngblood\Application Data\My Games
C:\Documents and Settings\Youngblood\Application Data\Omniquad
C:\Documents and Settings\Youngblood\Application Data\Pc Tools
C:\Documents and Settings\Youngblood\Application Data\Roxio
C:\Documents and Settings\Youngblood\Application Data\Skype
C:\Documents and Settings\Youngblood\Application Data\Sun
C:\Documents and Settings\Youngblood\Application Data\Symantec
C:\Documents and Settings\Youngblood\Application Data\Systweak
C:\Documents and Settings\Youngblood\Application Data\Talkback
C:\Documents and Settings\Youngblood\Application Data\Toshiba
C:\Documents and Settings\Youngblood\Application Data\Vlc

SmitFraudFix v2.120

Scan done at 13:30:55.82, 11/11/2006
Run from C:\Documents and Settings\Youngblood\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Youngblood


C:\Documents and Settings\Youngblood\Application Data


Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\DOCUME~1\YOUNGB~1\FAVORI~1


Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

C:\Program Files

C:\Program Files\QualityCodec\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"

Logfile of HijackThis v1.99.1
Scan saved at 13:31:59, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QualityCodec\pmsngr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QualityCodec\pmmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\~DP281.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CEngine Object - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe" "ZyXEL\USB ADSL"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bore type] C:\DOCUME~1\YOUNGB~1\APPLIC~1\PLUSGL~1\Jugs jump.exe
O4 - HKCU\..\Run: [win-xp] winis.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NoLop.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
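
Editor's added example, not part of the thread and not code from HijackThis or any other tool named here: a Python script that applies to the log above the checks the helper acts on in the next post. Its `triage()` parses the O2/O3/O4/O23 lines and flags (a) O4 Run values that are a bare filename, which Windows resolves through the PATH search order so the binary can sit anywhere, (b) anything under RunServices, a Win9x-only key that XP itself never processes and that legitimate XP software has no reason to write, (c) one value name planted in several autorun keys, (d) executables launched from Temp or Application Data, and (e) BHO, toolbar and service entries whose file is already gone. `SAMPLE_LOG` is a constructed excerpt copied from the log posted above; the function names, regexes and reason strings are the editor's own.

```python
"""HijackThis v1.99 log triage.

Editor's added example: this is not code from the thread, from HijackThis
or from any other tool named in it. It flags the patterns the helper acts
on in this thread:

  * O4 Run/RunServices values that are a bare filename with no path; the
    loader resolves those through the PATH search order, so the binary can
    sit anywhere on the box
  * any O4 entry under RunServices, a Win9x-only key that XP itself never
    processes but that droppers still write to for redundancy
  * one value name planted in several autorun keys at once
  * executables launched from the user profile (Temp, Application Data)
  * O2/O3/O23 entries whose file is gone: "(no file)" / "(file missing)"

SAMPLE_LOG is a constructed excerpt copied from the HijackThis log above.
"""
import re
from collections import Counter

# O4 - HKLM\..\Run: [name] command      (HKLM/HKCU, Run/RunServices/RunOnce)
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# O2 (BHO), O3 (toolbar), O23 (service) lines whose target no longer exists
ORPHAN_RE = re.compile(r"^O(?:2|3|23) - .*\((?:no file|file missing)\)$")
# anything executed out of a user profile's Temp or Application Data tree
PROFILE_RE = re.compile(
    r"\\(?:DOCUME~1|Documents and Settings)\\.*\\(?:Temp|APPLIC~1|Application Data)\\",
    re.IGNORECASE,
)

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\~DP281.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\Run: [Bore type] C:\DOCUME~1\YOUNGB~1\APPLIC~1\PLUSGL~1\Jugs jump.exe
O4 - HKCU\..\Run: [win-xp] winis.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def image_path(command):
    """Return the executable part of a Run value: the quoted token if the
    value is quoted, else the first whitespace-delimited token. Unquoted
    paths with spaces are therefore cut at the first space, which is fine
    here because only the bare-filename test looks at the result."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(log_text):
    """Map each suspicious log line to the list of reasons it was flagged."""
    findings = {}
    o4_entries = []
    for line in log_text.splitlines():
        line = line.rstrip()
        match = O4_RE.match(line)
        if match:
            o4_entries.append((line,) + match.groups())
        elif ORPHAN_RE.match(line):
            findings[line] = ["orphaned entry: registered object whose file is missing"]

    # the same (value name, command) pair under more than one autorun key
    planted = Counter((name, cmd) for _, _, _, name, cmd in o4_entries)

    for line, _hive, key, name, cmd in o4_entries:
        reasons = []
        exe = image_path(cmd)
        if "\\" not in exe and ":" not in exe:
            reasons.append("bare-filename: %s is resolved via the PATH search order" % exe)
        if key.lower().startswith("runservices"):
            reasons.append("RunServices: Win9x-only key, ignored by XP, written by droppers for redundancy")
        if PROFILE_RE.search(cmd):
            reasons.append("runs from the user profile (Temp / Application Data)")
        if planted[(name, cmd)] > 1:
            reasons.append("planted in %d autorun keys" % planted[(name, cmd)])
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    -", reason)
```

The heuristics are prompts to verify, not verdicts: `nwiz.exe /install` is flagged as a bare filename even though it is NVIDIA's helper living in System32, while `winis.exe` stands out because the same value name sits in four keys, two of them RunServices, with no path at all, and `Jugs jump.exe` because nothing legitimate autostarts out of a random folder under Application Data. The orphaned entries (the `~DP281.dll` BHO and the `hpdj` service pointing into Temp) can no longer load anything, but removing them keeps later logs readable.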

#6 kairis

Posted 11 November 2006 - 10:06 AM

Hello youngblood, thanks for the logs.
Let's continue.
Step 1:
Click on start, settings, control panel and double-click on Add or Remove Programs.
From within Add or Remove Programs uninstall the following if they exist:
win-xp
Bore type

Then reboot your computer - IMPORTANT

Step 2:
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode,
because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Step 3:
Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
winis.exe <== You will have to do a search for this one using the Windows Search function
C:\DOCUME~1\YOUNGBLOOD\APPLICATIONS\PLUSGL... <== (Something) folder

Step 4:
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and
press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected.
You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste
the content of that report into your next reply along with a fresh HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Step 5:
Clean up Temp files:
Start > Run
then: cleanmgr
Step 6:
Please rerun ComboFix.
Step 7:
In your next reply, please include the following logs: the ComboFix report, a fresh HijackThis log, and the SmitfraudFix report. Thanks.

#7 youngblood (Topic Starter)

Posted 11 November 2006 - 12:06 PM

Youngblood - 06-11-11 17:01:11.06 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Youngblood\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))


2006-11-10 22:47 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-10 22:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-10 22:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-10 22:47 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-10 20:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-10 20:32 4,296 --a------ C:\WINDOWS\system32\tmp.reg
2006-10-25 14:03 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-25 14:03 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-25 14:03 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-25 14:03 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-25 14:03 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-10-19 15:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-10-19 15:29 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-10-19 15:29 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 16:57 41312 --a------ C:\Documents and Settings\Youngblood\Application Data\wklnhst.dat
2006-11-11 16:56 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\Skype
2006-11-11 16:55 -------- d-------- C:\Program Files\Morpheus
2006-11-11 13:50 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-11 13:31 -------- d-------- C:\Program Files\Hijackthis
2006-11-11 13:24 -------- d-------- C:\Program Files\TrojanHunter 4.2
2006-11-11 09:27 -------- d-a-s---- C:\Program Files\NewDotNet
2006-11-11 08:00 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\AVG7
2006-11-10 20:36 -------- d-------- C:\Program Files\Grisoft
2006-11-10 11:49 -------- d-a------ C:\Program Files\Common Files
2006-11-10 11:49 -------- d-------- C:\Program Files\PCPitstop
2006-11-10 11:49 -------- d-------- C:\Program Files\Common Files\Scanner
2006-11-09 14:37 -------- d-------- C:\Program Files\AntiVerminsPro
2006-11-08 20:50 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\Google
2006-11-03 14:53 -------- d-------- C:\Program Files\BitComet
2006-11-03 14:42 -------- d-------- C:\Program Files\BitLord
2006-10-31 17:07 -------- d-------- C:\Program Files\Picasa2
2006-10-25 15:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-25 14:02 -------- d---s---- C:\Documents and Settings\Youngblood\Application Data\Microsoft
2006-10-25 02:15 -------- d-------- C:\Program Files\Azureus
2006-10-24 21:47 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\Azureus
2006-10-18 02:12 -------- d-------- C:\Program Files\Google
2006-10-10 13:54 -------- d-------- C:\Program Files\PowerISO
2006-10-08 21:10 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\My Games
2006-10-08 21:02 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-08 20:59 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-08 20:52 -------- d-------- C:\Program Files\Firaxis Games
2006-10-07 16:29 107132 --a------ C:\WINDOWS\UninstallFirefox.exe
2006-10-05 21:07 -------- d-------- C:\Program Files\Warez P2P Client
2006-10-05 21:07 -------- d-------- C:\Program Files\LimeWire
2006-10-05 19:57 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-05 19:55 -------- d-------- C:\Program Files\MSN Messenger
2006-10-04 10:53 -------- d-------- C:\Documents and Settings\Youngblood\Application Data\Morpheus
2006-10-03 21:26 -------- d-------- C:\Program Files\MorpheusBar
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Bore type"="C:\\DOCUME~1\\YOUNGB~1\\APPLIC~1\\PLUSGL~1\\Jugs jump.exe"
"win-xp"="winis.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"win-xp"="winis.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"EzButton"="C:\\Program Files\\EzButton\\EzButton.EXE"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"CpRmtKey"="\"C:\\Program Files\\TOSHIBA\\Toshiba Controls\\CpRmtKey.EXE\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.25.0\\gnotify.exe"
"win-xp"="winis.exe"
"CnxDslTaskBar"="\"C:\\Program Files\\ZyXEL\\USB ADSL\\CnxDslTb.exe\" \"ZyXEL\\USB ADSL\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SCDEmuApp.exe"="C:\\Program Files\\PowerISO\\SCDEmuApp.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"win-xp"="winis.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-11 17:01:42.53
C:\ComboFix.txt ... 06-11-11 17:01
C:\ComboFix2.txt ... 06-11-10 22:43
C:\ComboFix3.txt ... 06-11-10 20:42


SmitFraudFix v2.120

Scan done at 16:39:42.06, 11/11/2006
Run from C:\Documents and Settings\Youngblood\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\QualityCodec\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

Logfile of HijackThis v1.99.1
Scan saved at 17:03:28, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\~DP281.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CEngine Object - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe" "ZyXEL\USB ADSL"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bore type] C:\DOCUME~1\YOUNGB~1\APPLIC~1\PLUSGL~1\Jugs jump.exe
O4 - HKCU\..\Run: [win-xp] winis.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#8 kairis

  • Members
  • 327 posts
  • Location:Finland

Posted 11 November 2006 - 01:24 PM

You have to disable AVG Guard:
Click on Change state next to Resident shield. It should now change to inactive.
============================================================
Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
C:\Program Files\NewDotNet <== File
============================================================
Now we'll need to remove a couple of registry entries.
Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as fix.reg (set Filetype to "All Files") and save it on your Desktop.
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"win-xp"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"win-xp"=-
Now locate and double-click fix.reg -> allow it to merge into the Registry!
============================================================
With all other windows closed, start your HijackThis and Click "Do a System Scan Only"
Click in the check-box to the left of each of the following entries, if found:
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\~DP281.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\Run: [win-xp] winis.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
Select Fix Checked
============================================================
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing) <- this looks like a Hewlett-Packard file, but rarely do they place files in a Temporary folder. Please have a look at the properties of the file and let me know all about it. Do not do anything else until I reply.
============================================================
Please rerun AVG A-S:
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    Under "Reports" select "Automatically generate report after every scan"
    Un-select "Only if threats were found"
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
============================================================
Reset and Re-enable your System Restore
We need to do this to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Click Start > Run (type: SYSDM.CPL) > OK
  • Click the System Restore tab.
  • Check - Turn off System Restore.
  • Click Apply.
  • Uncheck - Turn off System Restore.
  • Click OK.
You have now flushed your previous System Restore points, so we will make a new one again since your computer is already clean.
  • Go to Start > All Programs > Accessories > System Tools, and select System Restore
  • In the System Restore prompt, select: Create a restore point
  • Click Next
  • Give a description to the new Restore Point. (Something like: Clean PC)
  • Click Create
  • Then close the window
============================================================
In your next reply, please include the following logs: a fresh HijackThis log and the AVG A-S report. Thanks.

Edited by kairis, 11 November 2006 - 01:46 PM.
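The entries the helper picked out above fall into a few recognisable patterns: BHOs and toolbars whose file no longer exists, Run entries that name a bare executable with no path, an autostart or service image sitting under Temp or a user-profile data folder, and the Win9x-era RunServices key. The script below is an added example, not part of this thread or of HijackThis: it encodes those patterns as triage rules and runs them over lines copied from the log above. The rules and reason strings are this example's own; a hit means "check this file", exactly as the helper's hpdj note does, not "this is malware".

```python
"""Triage rules for a HijackThis v1.99 log, modelled on the entries picked out above.
Added example: not part of HijackThis or of this thread; the rules are this example's own."""
import re
from dataclasses import dataclass

# Lines copied from the log posted in this thread, plus benign entries from the same
# log so the rules can be seen leaving legitimate software alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\Run: [Bore type] C:\DOCUME~1\YOUNGB~1\APPLIC~1\PLUSGL~1\Jugs jump.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

REASON_ORPHAN = "registered component whose file no longer exists"
REASON_BARE = "executable named without a path; which file runs depends on the search path"
REASON_PROFILE = "image stored under Temp or a user-profile data folder"
REASON_RUNSERVICES = "Win9x-era RunServices key, rarely written by legitimate XP software"

# Bare names that are normal on XP: rundll32 lives in System32 and is how driver
# applets such as the NvCplDaemon entry above are started.
KNOWN_BARE = {"rundll32.exe"}

# 8.3 short names are listed too, since HijackThis prints paths as the registry stores them.
PROFILE_RE = re.compile(r"\\(Temp|LOCALS~1|Local Settings|APPLIC~1|Application Data)\\", re.I)
O4_REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
O4_LNK_RE = re.compile(r"^O4 - (?:Global )?Startup: .*?\.lnk = (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")


@dataclass
class Finding:
    line: str
    reasons: list


def command_image(cmd: str) -> str:
    """Return the executable part of a Run-key command, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path; arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the image ends at the first executable extension followed by a space.
    m = re.match(r"(.*?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def image_reasons(image: str) -> list:
    """Location checks shared by Run entries, startup shortcuts and services."""
    reasons = []
    if "\\" not in image and image.lower() not in KNOWN_BARE:
        reasons.append(REASON_BARE)
    if PROFILE_RE.search(image):
        reasons.append(REASON_PROFILE)
    return reasons


def triage_line(line: str) -> list:
    """Reasons a single HijackThis line deserves a second look (empty if none)."""
    if line.startswith(("O2 - BHO:", "O3 - Toolbar:")):
        return [REASON_ORPHAN] if MISSING_RE.search(line) else []
    m = O4_REG_RE.match(line)
    if m:
        reasons = image_reasons(command_image(m.group(4)))
        if m.group(2).lower() == "runservices":
            reasons.append(REASON_RUNSERVICES)
        return reasons
    m = O4_LNK_RE.match(line)
    if m:
        return image_reasons(m.group(1).strip())
    m = O23_RE.match(line)
    if m:
        reasons = image_reasons(MISSING_RE.sub("", m.group(3)).strip())
        if MISSING_RE.search(m.group(3)):
            reasons.append(REASON_ORPHAN)
        return reasons
    return []


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep only the lines with findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line, *("    -> " + r for r in f.reasons), sep="\n")
```

On the sample above the rules return seven findings: the three orphaned O2/O3 entries, both winis.exe lines (the RunServices one with two reasons), the Application Data entry, and the hpdj service; the Adobe, NVIDIA, Skype, RAMASST and iPod lines pass.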


#9 youngblood

  • Topic Starter
  • Members
  • 8 posts

Posted 11 November 2006 - 06:36 PM

The fix.reg application failed to initialise; should I go ahead with the rest of the procedure?

#10 kairis

  • Members
  • 327 posts
  • Location:Finland

Posted 12 November 2006 - 03:14 AM

Yes, please.
Try it now.

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"win-xp"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"win-xp"=-

Edited by kairis, 12 November 2006 - 03:29 AM.


#11 youngblood

  • Topic Starter
  • Members
  • 8 posts

Posted 12 November 2006 - 09:07 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:56:02 12/11/2006

+ Scan result:



HKU\S-1-5-21-1190878773-2167018285-4179721234-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP454\A0062383.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP454\A0062384.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP454\A0062385.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP472\A0073664.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0086966.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0085882.exe -> Adware.Pesttrap : Cleaned with backup (quarantined).
C:\WINDOWS\system32\PDF4634.dll -> Adware.SafeGuard : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0085880.dll -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0085881.dll -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP479\A0085883.exe -> Adware.Spysheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066815.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066816.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066817.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066818.ini -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066819.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066820.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066822.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066823.cpl -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066824.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066826.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066827.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066828.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066829.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066830.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066831.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066832.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066835.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP468\A0066836.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP469\A0067601.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP469\A0067602.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP469\A0067603.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP469\A0067604.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB5F3EC1-A90B-4DC1-A75F-2F1D1DE8FF96}\RP470\A0069777.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-1190878773-2167018285-4179721234-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
:mozilla.376:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.268:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.329:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.130:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.131:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.132:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.133:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.134:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.135:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.136:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.137:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.138:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.139:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.146:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.148:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.154:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.155:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.156:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.157:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.162:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.164:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.165:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.179:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.669:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Youngblood\Cookies\youngblood@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.423:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.424:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.425:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.799:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.800:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.801:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.105:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.107:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.264:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.265:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.266:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.267:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.119:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.106:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.373:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.374:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.375:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.454:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.754:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Youngblood\Cookies\youngblood@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.124:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.125:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.126:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.127:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.140:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.141:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.142:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.143:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.144:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.145:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.362:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.363:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.466:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.467:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.468:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.469:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.470:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.471:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.459:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Youngblood\Cookies\youngblood@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.129:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.110:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Youngblood\Cookies\youngblood@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.261:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.262:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.263:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Youngblood\Cookies\youngblood@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.288:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.289:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.290:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.291:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.570:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.190:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.104:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.211:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.212:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.213:C:\Documents and Settings\Youngblood\Application Data\Mozilla\Firefox\Profiles\pygkboru.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 14:04:00, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CEngine Object - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe" "ZyXEL\USB ADSL"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bore type] C:\DOCUME~1\YOUNGB~1\APPLIC~1\PLUSGL~1\Jugs jump.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#12 kairis

kairis

  • Members
  • 327 posts
  • Location:Finland

Posted 12 November 2006 - 11:02 AM

Start in Safe Mode Using the F8 method:

* Restart the computer.
* As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
* Use the arrow keys to select the Safe Mode menu item.
* Press the Enter key.
************************************************************************
Make sure that you can see hidden files.
  • Click Start.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
************************************************************************
Now perform a search for these files and delete all instances. Windows XP's search feature is a little different.
When you click on 'All files and folders' on the left panel, click on the 'More advanced options' at the bottom.
Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.
winis.exe
************************************************************************
With all other windows closed, start your HijackThis and Click "Do a System Scan Only"
Click in the check-box to the left of each of the following entries, if found:
O4 - HKCU\..\Run: [Bore type] C:\DOCUME~1\YOUNGB~1\APPLIC~1\PLUSGL~1\Jugs jump.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
Select Fix Checked
************************************************************************
Restart in to normal mode.
Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button, Copy&Paste the entire report in your next reply and send a fresh HJT log.

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing) <- this looks like a Hewlett-Packard file, but rarely do they place files in a Temporary folder. Please have a look at the properties of the file and let me know all about it. Do not do anything else until I reply.
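
The checks kairis applies by eye above, written out as an added Python example (not code from this thread or from HijackThis): it parses O4 autostart and O23 service lines in HijackThis v1.99.1 log format and flags a bare file name with no path, an entry under the RunServices key, a program living under a user's Temp or Application Data folder, and a service whose binary is missing or has no vendor recorded. The sample lines are constructed in the shape of the logs posted in this thread, and the benign nwiz.exe entry is included to show the bare-name rule also catches a known-good entry, so the output is a list to review, not a verdict.

```python
"""Triage helper for HijackThis v1.99.1 log lines.

Added example, not code from this thread or from HijackThis. It writes out the
checks a log helper applies by eye: an O4 autostart whose command is a bare
file name with no path, an O4 entry under the Windows 9x-era RunServices key,
a program living under a user's Temp or Application Data folder, and an O23
service whose binary is reported missing or has no vendor recorded.
"""
import re
from typing import List, Tuple

# Constructed sample lines, in the shape of the HJT logs posted in this thread.
# nwiz.exe is a well-known benign NVIDIA entry: the bare-name rule still flags
# it, which is why the output is a list to review, not a verdict.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Bore type] C:\DOCUME~1\YOUNGB~1\APPLIC~1\PLUSGL~1\Jugs jump.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# O4 registry autostart: "O4 - HKCU\..\Run: [name] command"
O4_REG = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$')
# O4 startup-folder shortcut: "O4 - Global Startup: name.lnk = target"
O4_STARTUP = re.compile(r'^O4 - ((?:Global )?Startup): (.*?) = (.*)$')
# O23 service: "O23 - Service: display - owner - path". A display name that
# itself contains " - " would split wrongly; none in this thread does.
O23_SVC = re.compile(r'^O23 - Service: (.*?) - (.*?) - (.*)$')
# Long and 8.3 (DOCUME~1 style) spellings of the per-user folders.
PROFILE_DIRS = re.compile(
    r'\\(temp|locals~1|local settings|applic~1|application data)\\', re.I)

MISSING = '(file missing)'


def executable_path(command: str) -> str:
    """Return the program part of an autostart command, without its arguments."""
    command = command.strip()
    if not command:
        return command
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: the program ends at the first ".exe" token.
    m = re.match(r'(.*?\.exe)(?=\s|$)', command, re.I)
    return m.group(1) if m else command.split()[0]


def path_reasons(path: str) -> List[str]:
    """Checks that apply to any autostart program or service binary path."""
    reasons = []
    if '\\' not in path:
        reasons.append('bare file name, no path given')
    if PROFILE_DIRS.search(path):
        reasons.append('runs from a user profile Temp/Application Data folder')
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (entry label, reasons) for every O4/O23 line that needs a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        if (m := O4_REG.match(line)):
            hive, key, name, command = m.groups()
            label = f'O4 {hive}\\..\\{key} [{name}]'
            if key.lower() == 'runservices':
                reasons.append('RunServices key: Windows 9x-era location, '
                               'rarely used by legitimate XP software')
            reasons += path_reasons(executable_path(command))
        elif (m := O4_STARTUP.match(line)):
            where, shortcut, target = m.groups()
            label = f'O4 {where} {shortcut}'
            reasons += path_reasons(executable_path(target))
        elif (m := O23_SVC.match(line)):
            display, owner, path = m.groups()
            label = f'O23 Service {display}'
            if path.endswith(MISSING):
                # Registration survived but the binary is gone: either a
                # botched uninstall or something already removed by a scanner.
                reasons.append('service binary reported missing')
                path = path[:-len(MISSING)].strip()
            if owner.lower() == 'unknown owner':
                reasons.append('no vendor recorded for the service')
            reasons += path_reasons(path)
        else:
            continue  # R0/R1/O2/O3/... lines are not handled by this helper
        if reasons:
            findings.append((label, reasons))
    return findings


if __name__ == '__main__':
    for label, reasons in triage(SAMPLE_LOG):
        print(label)
        for reason in reasons:
            print('   -', reason)
```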

#13 youngblood

youngblood
  • Topic Starter
  • Members
  • 8 posts

Posted 14 November 2006 - 04:20 PM

Scanned:

* Files: 27114
* System: 5198
* Not scanned: 7

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{4F68753B-CD4F-40F8-8C51-E479D0D07814}.BIN
* C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
* C:\WINDOWS\$NTUNINSTALLKB826939$\ACCWIZ.EXE
* C:\WINDOWS\$NTUNINSTALLKB826939$\RPCRT4.DLL
* C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-11-14
* F-Secure AVP: 7.0.171, 2006-11-14
* F-Secure Orion: 1.2.37, 2006-11-14
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2006-08-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

Logfile of HijackThis v1.99.1
Scan saved at 21:17:16, on 14/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CEngine Object - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\TOSHIBA\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\USB ADSL\CnxDslTb.exe" "ZyXEL\USB ADSL"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~4\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#14 youngblood

  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:56 AM

Posted 14 November 2006 - 04:28 PM

That hpdj.exe doesn't seem to exist under the specified folder. It turns up on HJT though; how do I check its properties?

#15 kairis


  • Members
  • 327 posts
  • Location:Finland
  • Local time:08:56 AM

Posted 15 November 2006 - 01:58 AM

hpdj.exe is related to HP printer drivers. It is strange that this file is located in the %temp% (temporary) folder but is run as a service. It is recommended that you disable it.
http://www.spyany.com/files/hpdj_exe.html

"Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update to the latest version..."
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 from here.
  • Scroll down to where it says "Windows Offline Installation".
  • Click the "Download" button to the right.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name:
    Java 1.5.0.5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on Java to install the newest version.

Looks good! Your log is clean!

You can delete all of the tools that I had you download for us to use.
I'd recommend keeping AVG Anti-Spyware, as it's an excellent program that will complement your antivirus protection.

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and enable system restore here:

Windows XP System Restore Guide

Re-enable system restore with the instructions from the tutorial above.

Next, this process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

Edited by kairis, 15 November 2006 - 02:04 AM.
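The point kairis makes about hpdj.exe (a service whose binary sits under a user's Temp folder, has no recorded vendor, and is flagged "(file missing)") can be turned into a repeatable check over a HijackThis log. The following is an added example, not code from the thread or from HijackThis: a small Python parser for O4 (autorun) and O23 (service) lines with heuristics of my own, run over a subset of lines copied from the log posted above. The marker list and the reasons it emits are assumptions for this example.

```python
"""Audit HijackThis O4 (autorun) and O23 (service) lines for weak signals.

Added example for this thread; the heuristics (binary in a temporary
folder, "(file missing)", "Unknown owner") are this example's own
choices, not HijackThis logic.
"""
import re

# Constructed subset of the posted log; the hpdj line is the one discussed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\YOUNGB~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Folders a persistent service or autorun binary should not normally live in
# (compared case-insensitively; assumed list for this example).
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\", "\\temporary internet files\\")

# First drive-letter path ending in an executable-ish extension, quoted or not.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|pif|bat|cmd))',
                     re.IGNORECASE)


def parse_line(line):
    """Return a dict for O4/O23 lines, or None for lines this audit ignores."""
    line = line.strip()
    if line.startswith("O23 - Service: "):
        # Format: O23 - Service: <name> - <owner> - <path> [(file missing)]
        parts = line[len("O23 - Service: "):].split(" - ", 2)
        if len(parts) != 3:
            return None
        name, owner, rest = parts
        m = PATH_RE.search(rest)
        return {"kind": "O23", "name": name, "owner": owner,
                "path": m.group(1) if m else rest, "raw": line}
    if line.startswith("O4 - "):
        # Format: O4 - <location>: [<name>] <command>   or   O4 - Startup: <x>.lnk = <path>
        m = re.match(r"O4 - (.+?): (.+)$", line)
        if not m:
            return None
        location, rest = m.groups()
        if rest.startswith("["):
            name, _, cmd = rest[1:].partition("] ")
        else:
            name, _, cmd = rest.partition(" = ")
        pm = PATH_RE.search(cmd)
        return {"kind": "O4", "name": name, "owner": location,
                "path": pm.group(1) if pm else cmd, "raw": line}
    return None


def audit_entry(entry):
    """Return the list of reasons an entry deserves a second look (empty if none)."""
    reasons = []
    low = entry["path"].lower()
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("binary lives in a temporary folder")
    if "(file missing)" in entry["raw"].lower():
        reasons.append("file missing on disk")
    if entry["kind"] == "O23" and entry["owner"].lower() == "unknown owner":
        reasons.append("no vendor recorded for service")
    return reasons


def audit_hjt_log(text):
    """Parse every O4/O23 line in a HijackThis log and return the flagged entries."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = audit_entry(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_hjt_log(SAMPLE_LOG):
        print(f"{f['kind']} {f['name']}: {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the sample, only the hpdj service is reported, with all three reasons; the AVG, NVIDIA, QuickTime and Morpheus entries pass. A service registered from a per-user Temp path is worth disabling even when the file is already gone, since the registration itself survives reboots and will re-launch whatever is dropped at that path later.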