Can't Clean Virus


43 replies to this topic

#1 Greg62157

Posted 16 November 2006 - 10:05 PM

I can't clean the virus off of my computer. Here are the symptoms according to my virus removal software packages:

Symantec catches a "Trojan.Elitebar" virus that it is unable to remove or quarantine.

Spybot finds three problems defined as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdservice, HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice
Of these three, it will clean the first one (controlset002) but it always returns.

AdWare finds problems but they are not always the same ones. Most recent run found these three:

Win32.Trojandownloader.Qoologic
VX2
Win32.Trojanloader

AdAware cleaned them but it constantly finds more the next time I run it.

XoftSpy finds a data mining file called "ClipGenie" located in C:\Windows\system32\explorer.dll and many "Viewpoint" files. It cleans the Viewpoint files but cannot clean the ClipGenie because it claims the file explorer.dll is in use.

Here's the HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 9:58:56 PM, on 11/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O20 - AppInit_DLLs: c:\windows\system32\explorer.dll spoolsv.dll ?
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Please help. :thumbsup:

#2 Koc

Posted 17 November 2006 - 11:43 AM

Hello Greg62157, and welcome to BleepingComputer. I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks

#3 Koc

Posted 17 November 2006 - 12:07 PM

Hi!

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please run HijackThis and place a check next to this item:

O20 - AppInit_DLLs: c:\windows\system32\explorer.dll spoolsv.dll ?

Please close all windows and browsers except HijackThis and click "Fix Checked".

Reboot.

Find and delete these files/folders:
c:\windows\system32\explorer.dll

Reboot and post a new HijackThis log and the log from ComboFix.

#4 Greg62157

Posted 17 November 2006 - 12:53 PM

Thanks. I will follow your instructions later today when I get home. Thanks for helping.

#5 Greg62157

Posted 17 November 2006 - 05:29 PM

I ran combofix. Log is below. I ran HJT but this time the O20 App Init line you wanted me to erase did not appear. I rebooted and attempted to erase the explorer.dll file. I found it and attempted to delete it but it denied access saying the file might be in use. I ran HJT again to make sure it wasn't in the O20 line again and it was not. Combofix and HJT logs follow.....

Greg - 06-11-17 17:04:52.57 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Yelda Long\Application Data\Sskknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\redit.cpl
C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\system32.dll
C:\Program Files\Common Files\mc-67-525-0000166.exe
C:\Program Files\Common Files\inetget2
C:\Program Files\DNS

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Greg\Application Data\CROSOF~1
C:\QooBox\Purity\Documents and Settings\Greg\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\Greg\Application Data\SMANTE~1
C:\QooBox\Purity\Documents and Settings\Greg\My Documents\STEM~1
C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\DOBE~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\ICROSO~1
C:\QooBox\Purity\Program Files\SEMBLY~1
C:\QooBox\Purity\Program Files\YMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\CURITY~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~2
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\Program Files\Common Files\SKS~1
C:\QooBox\Purity\Program Files\Common Files\YSTEM~1
C:\QooBox\Purity\Program Files\Common Files\CURITY~1\CURITY~1
C:\QooBox\Purity\Program Files\Common Files\CURITY~1\taskmgr.exe
C:\QooBox\Purity\Program Files\Common Files\RACLE~1\msdtc.exe
C:\QooBox\Purity\Program Files\Common Files\RACLE~1\?racle
C:\QooBox\Purity\Program Files\DOBE~1\w?aclt.exe
C:\QooBox\Purity\WINDOWS\ASKS~1
C:\QooBox\Purity\WINDOWS\SKS~1
C:\QooBox\Purity\WINDOWS\ASKS~1\ASKS~1
C:\QooBox\Purity\WINDOWS\ASKS~1\services.exe
C:\QooBox\Purity\WINDOWS\SYSTEM32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\DOBE~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\ECURIT~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\MCROSO~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\RACLE~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SEMBLY~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-17 to 2006-11-17 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-17 17:11 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-11-17 17:07 -------- d-a------ C:\Program Files\Common Files
2006-11-17 17:04 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-16 22:07 -------- d-------- C:\Program Files\Internet Explorer
2006-11-16 19:57 -------- d-------- C:\Documents and Settings\Greg\Application Data\Google
2006-11-16 19:54 -------- d-------- C:\Program Files\WebHost
2006-11-16 18:07 -------- d-------- C:\Program Files\XoftSpy
2006-11-13 15:26 -------- d-------- C:\Program Files\Google
2006-11-11 17:23 -------- d-------- C:\Program Files\SpywareGuard
2006-11-11 17:21 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-11 17:17 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-11 17:17 -------- d-------- C:\Program Files\AOL
2006-11-11 17:11 -------- d-------- C:\Program Files\AIM
2006-11-11 17:09 -------- d-------- C:\Program Files\AOD
2006-11-09 10:14 -------- d-------- C:\Program Files\LimeWire
2006-10-30 07:42 -------- d-------- C:\Documents and Settings\Greg\Application Data\Talkback
2006-10-29 20:43 -------- d-------- C:\Program Files\Adobe
2006-10-29 20:39 -------- d-------- C:\Program Files\Picasa2
2006-10-29 20:20 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-29 20:03 -------- d-------- C:\Program Files\iTunes
2006-10-29 20:02 -------- d-------- C:\Program Files\iPod
2006-10-29 20:00 -------- d-------- C:\Program Files\QuickTime
2006-10-29 16:48 337290 --a------ C:\Documents and Settings\Greg\Application Data\tizupd.bin
2006-10-29 16:48 24356 --a------ C:\Documents and Settings\Greg\Application Data\tizinf.xml
2006-10-29 16:48 10 --a------ C:\Documents and Settings\Greg\Application Data\tizhook.vers
2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-17 07:28 721920 --a------ C:\WINDOWS\SYSTEM32\lsasrv.dll
2006-08-17 07:28 132096 --a------ C:\WINDOWS\SYSTEM32\wkssvc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1125536195\\ee\\AOLHostManager.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\RACLE~1\\msdtc.exe\" -vt ndrv"
@="C:\\PROGRA~1\\DOBE~1\\WACLT~1.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\RACLE~1\\msdtc.exe\" -vt ndrv"
@="C:\\PROGRA~1\\DOBE~1\\WACLT~1.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"fsemibrd.exe"="C:\\WINDOWS\\system\\fsemibrd.exe"
"morurduo.exe"="C:\\WINDOWS\\system\\morurduo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-11-17 17:11:38.81
C:\ComboFix.txt ... 06-11-17 17:11


HJT log was as follows......

Logfile of HijackThis v1.99.1
Scan saved at 5:17:48 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#6 Koc

Posted 18 November 2006 - 04:16 PM

Reboot into safe mode (press F8 right after the memory count).
In safe mode, find and delete this file:

c:\windows\system32\explorer.dll

Reboot and post a new HijackThis log.

#7 Greg62157

Posted 18 November 2006 - 09:49 PM

While in safe mode, I was able to delete the explorer.dll file. I then ran Spybot and it found the HKEY problems I sent in the first posting and a tracking cookie called "Avenue A". The tracking cookie was removed and one of the three HKEY settings removed. The other two could not be removed. Here's the HJT after running Spybot:

Logfile of HijackThis v1.99.1
Scan saved at 9:36:11 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#8 Koc

Posted 19 November 2006 - 09:05 AM

Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a few minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a fresh HijackThis log.

#9 Greg62157

Posted 19 November 2006 - 07:22 PM

Panda found lots of stuff. Here's the Panda and HJT logs:


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[www.burstbeacon.com/]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Greg\Application Data\tizupd.bin[OINSetup.exe]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Greg\Cookies\greg@com[1].txt
Possible Virus. Not disinfected C:\Documents and Settings\Greg\Desktop\backups\backup-20061116-202406-919.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Greg\Desktop\Virus Removal Software\Nailfix\Nailfix\Process.exe
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.overture.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.atwola.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.target.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.did-it.com/]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Yelda Long\Application Data\tizupd.bin[OINSetup.exe]
Adware:adware/pacimedia Not disinfected C:\Documents and Settings\Yelda Long\Desktop\Click to Find and Fix Errors.url
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Yelda Long\Desktop\Setup.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Yelda Long\Desktop\SmileyCentralPFSetup2.1.50.3-3.ZNfox000.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Yelda Long\Local Settings\Temp\!update.exe
Possible Virus. Not disinfected C:\Program Files\Common Files\Authentium Shared\cvinstalled\cvv1.60.514\setup.msi[unk_0006][PrismC.dll.9C21D849_A4DF_4691_A5D0_6B218BE7B881]
Adware:Adware/WUpd Not disinfected C:\Program Files\InetGet\Adperform180safull.exe
Adware:Adware/PurityScan Not disinfected C:\QooBox\Purity\Program Files\Common Files\CURITY~1\taskmgr.exe
Adware:Adware/PurityScan Not disinfected C:\QooBox\Purity\Program Files\Common Files\RACLE~1\msdtc.exe
Possible Virus. Renamed C:\QooBox\Purity\Program Files\DOBE~1\w?aclt.exe
Adware:Adware/PurityScan Not disinfected C:\QooBox\Purity\WINDOWS\ASKS~1\services.exe
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-1008\Dc1.dll
Spyware:Spyware/BetterInet Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc12.tmp\thnall1ac.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1318.tmp
Adware:Adware/VirtualBouncer Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1335.exe
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1336.html
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1343\auto_update_uninstall.exe
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1343\setup.inf
Adware:Adware/WinAD Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1349\IncrediMail\imloader.exe
Adware:Adware/WinTools Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\tb3[1].cab[toolbar.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\webservice[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\webservice[2].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\webservice[3].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\webservice[4].htm
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\4XIRSHY7\AproposClientInstaller[1].exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\4XIRSHY7\webservice[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\4XIRSHY7\webservice[2].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\4XIRSHY7\webservice[3].htm
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\UVJ54NN9\auto_update[1]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\UVJ54NN9\newmajorse2[1].cab
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\UVJ54NN9\webservice[1].htm
Spyware:Spyware/7r7t Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1365.exe
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1420.exe
Adware:Adware/Pacimedia Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2266.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2276.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2277.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2278.tmp
Adware:Adware/VirtualBouncer Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2282.exe
Spyware:Spyware/BetterInet Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc29\aurareco.exe
Adware:Adware/Comet Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc59\CC_43.inf
Adware:Adware/Comet Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc59\inst43.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc591.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc592.tmp
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc708.exe
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc724.exe
Virus:Trj/Small.QS Disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc725.exe
Spyware:Spyware/7r7t Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc93.exe
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\cchnsiyv.exe
Adware:adware/bookedspace Not disinfected C:\WINDOWS\cfgmgr52.ini
Adware:Adware/Transponder Not disinfected C:\WINDOWS\htzxlnu.exe
Adware:Adware/Startpage.XM Not disinfected C:\WINDOWS\My404.exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\SYSTEM32\246765-ventura-hot.exe[²ìÇ]
Virus:Trj/Downloader.BYZ Disinfected C:\WINDOWS\SYSTEM32\dist001.exe
Virus:Trojan Horse.AP3 Disinfected C:\WINDOWS\SYSTEM32\GSM3-0511.exe
Adware:Adware/DealHelper Not disinfected C:\WINDOWS\SYSTEM32\Lhbczj.exe
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\ntsmsdtc.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\spoolsv.dll
Adware:Adware/DealHelper Not disinfected C:\WINDOWS\SYSTEM32\Wtypmk.exe
Spyware:spyware/surfsidekick Not disinfected C:\WINDOWS\Temporary Internet Files\Ssk.log
Adware:Adware/CommAd Not disinfected C:\WINDOWS\WWVsZGEgTG9uZw\qqpPt3H0n36RtT.vbs
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\zmaosyyh.exe




Logfile of HijackThis v1.99.1
Scan saved at 7:13:38 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#10 Koc

Posted 20 November 2006 - 03:07 PM

Download, install, and update AVG Anti-Spyware 7.5
  • Save the installer to desktop
  • Double click the installer, select your language, and then select OK
  • Click NEXT>>Do or don't read the "User License Agreement"
    Select I Agree>>>NEXT>>>INSTALL
  • AVG will now install and afterwards click FINISH
  • AVG Anti-Spyware 7.5 should now Load
  • Click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close AVG Anti-Spyware 7.5. Do not run it yet.
Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears.
Sign in with your normal user account

Once in safe mode
  • Then run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and
    Uncheck "Only if Threats are found"
  • Click back to the "Scan" tab and then click on Complete System Scan.
    This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware 7.5 will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).


#11 Greg62157

Posted 22 November 2006 - 02:48 PM

Ran the AVG in Safe Mode as per your directions. There were a couple of files that it said were part of an archive and asked me if I wanted to quarantine the whole archive. I answered yes to these. Attached is the AVG report. Also attaching a new HJT log.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:26:02 PM 11/22/2006

+ Scan result:



C:\Documents and Settings\Yelda Long\Desktop\Setup.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1343\auto_update_uninstall.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\WINDOWS\htzxlnu.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\cchnsiyv.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\zmaosyyh.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Lhbczj.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Wtypmk.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc463.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc464.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc465.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc466.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc467.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc468.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc469.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc470.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc471.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc472.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc473.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc474.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc475.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc476.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc477.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc478.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc479.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc480.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc481.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc482.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc483.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc484.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc485.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc486.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc487.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc488.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc489.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc490.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc491.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc492.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc493.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc494.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc495.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc496.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc497.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc498.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc499.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc500.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc501.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc502.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc503.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc504.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc505.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc506.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc507.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc508.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc509.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc510.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc511.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc512.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc513.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc514.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc515.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc516.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc517.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc518.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc519.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc520.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc521.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc522.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc523.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc524.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc525.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc526.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc527.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc528.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc529.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Desktop\SmileyCentralPFSetup2.1.50.3-3.ZNfox000.exe/mwsSrcSp.CommonCodebase.exe -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report\ag.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report\ag.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report\send.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report\send.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\res1\WhiteList.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\246765-ventura-hot.exe -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111144.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111145.dll/Catcher.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111145.dll/cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111148.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2266.exe -> Adware.Pacer : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Desktop\backups\backup-20061116-202406-919.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-1008\Dc1.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0107446.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0107447.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0107517.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0107520.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP241\A0108040.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP242\A0111053.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\spoolsv.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
HKU\S-1-5-21-2482556158-367380603-2490717038-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1318.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2276.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2277.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2278.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc591.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc592.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\tb3[1].cab/toolbar.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\UVJ54NN9\newmajorse2[1].cab/newmajorse2.txt -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\InetGet\Adperform180safull.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\InetGet\stubSafull.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\Common Files\RACLE~1\msdtc.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Local Settings\Temp\!update.exe -> Downloader.PurityScan.df : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\Common Files\CURITY~1\taskmgr.exe -> Downloader.PurityScan.df : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\ASKS~1\services.exe -> Downloader.PurityScan.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111143.cpl -> Downloader.Qoologic.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111146.exe -> Downloader.Small.bqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111147.exe -> Downloader.Small.bqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0114174.exe -> Downloader.VB.eu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0114173.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\WINDOWS\My404.exe -> Hijacker.StartPage.yq : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1349\IncrediMail\imloader.exe -> Not-A-Virus.Downloader.Win32.ImLoader.c : Cleaned with backup (quarantined).
:mozilla.561:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.311:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.312:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.313:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.314:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.315:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.316:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.317:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.318:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.319:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.320:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.322:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.323:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.453:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.454:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.542:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.554:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.274:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.275:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.276:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.157:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.158:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.159:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.160:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.161:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.162:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.163:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.164:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.165:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.240:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.241:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.242:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.243:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.244:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.264:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.268:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.308:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.309:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.310:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.325:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.339:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.340:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.341:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.344:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.345:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.347:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.351:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.359:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.361:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.363:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.365:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.367:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.51:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.91:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.360:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.436:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.437:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.66:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.67:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.68:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.69:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.78:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.24:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.374:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.377:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.64:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.65:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.67:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.68:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.210:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.587:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.216:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.217:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.218:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.226:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.227:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.228:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.70:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.71:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.72:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.76:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.302:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.305:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.306:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.478:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.481:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.489:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.490:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.491:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.492:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.501:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.502:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.515:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.579:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.580:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.581:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.80:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.188:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.189:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.170:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.172:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.173:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.192:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.193:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.194:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.195:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.557:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.558:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.166:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.167:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.54:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.55:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.532:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.536:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.537:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.538:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.539:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.34:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.35:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.36:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.37:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.426:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.235:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.236:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.237:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.238:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.239:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.279:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.280:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.281:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.282:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.283:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.284:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.285:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.286:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.287:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.288:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.289:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.290:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.291:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.292:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.293:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.294:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.295:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.296:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.297:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.298:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.300:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.330:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.331:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.332:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.514:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.404:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.405:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.406:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.407:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.408:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.409:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.427:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.428:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.89:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.143:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.144:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.145:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.146:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.147:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.148:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.149:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.150:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.151:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.58:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.59:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.59:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.474:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.31:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.370:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.371:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.372:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1368.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc350.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc351.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc352.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc355.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Desktop\SmileyCentralPFSetup2.1.50.3-3.ZNfox000.exe/mwsSetup.CommonCodebase.exe -> Trojan.Isbar.s : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0114175.exe -> Trojan.Registrator.b : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 2:43:57 PM, on 11/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program File

#12 Koc

Posted 23 November 2006 - 08:11 AM

Can you please post the whole HijackThis log? Thanks :thumbsup:

#13 Greg62157

  • Topic Starter

Posted 23 November 2006 - 01:13 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:09:24 PM, on 11/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#14 Koc

Posted 24 November 2006 - 03:52 PM

Your log looks clean. Any problems?

#15 Greg62157

  • Topic Starter

Posted 24 November 2006 - 04:20 PM

Computer is acting very slow. Takes a long time for screens to refresh. I ran Ad-Aware as a check for viruses. It found 17 critical objects. Ad-Aware log is shown below.


Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, November 24, 2006 3:57:01 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R133 16.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdDestroyer(TAC index:5):1 total references
Adware.Websearch(TAC index:9):1 total references
Ebates MoneyMaker(TAC index:4):1 total references
IBIS Toolbar(TAC index:5):11 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
VirtualBouncer(TAC index:5):1 total references
VX2(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R133 16.11.2006
Internal build : 167
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 859530 Bytes
Total size : 2788354 Bytes
Signature data size : 2738708 Bytes
Reference data size : 49134 Bytes
Signatures total : 74535
CSI Fingerprints total : 4563
CSI data size : 198590 Bytes
Target categories : 15
Target families : 1011


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:17 %
Total physical memory:260096 kb
Available physical memory:43360 kb
Total page file size:666740 kb
Available on page file:136524 kb
Total virtual memory:2097024 kb
Available virtual memory:2040148 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-24-2006 3:57:01 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 356
ThreadCreationTime : 11-23-2006 6:04:07 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 412
ThreadCreationTime : 11-23-2006 6:04:20 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 436
ThreadCreationTime : 11-23-2006 6:04:21 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 11-23-2006 6:04:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 492
ThreadCreationTime : 11-23-2006 6:04:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 11-23-2006 6:04:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 11-23-2006 6:04:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 756
ThreadCreationTime : 11-23-2006 6:04:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 804
ThreadCreationTime : 11-23-2006 6:04:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 852
ThreadCreationTime : 11-23-2006 6:04:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 928
ThreadCreationTime : 11-23-2006 6:04:25 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 960
ThreadCreationTime : 11-23-2006 6:04:25 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 11-23-2006 6:04:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1180
ThreadCreationTime : 11-23-2006 6:04:28 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:15 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 11-23-2006 6:04:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:16 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1216
ThreadCreationTime : 11-23-2006 6:04:30 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe

#:17 [savroam.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1260
ThreadCreationTime : 11-23-2006 6:04:30 PM
BasePriority : Normal
FileVersion : 1.5.0.0
ProductVersion : 1.5.0.0
ProductName : Symantec SAVRoam
CompanyName : symantec
FileDescription : SAVRoam
InternalName : SAVRoam
LegalCopyright : Copyright 2002 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SAVRoam.exe

#:18 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1332
ThreadCreationTime : 11-23-2006 6:04:32 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1488
ThreadCreationTime : 11-23-2006 6:04:34 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1800
ThreadCreationTime : 11-23-2006 6:04:53 PM
BasePriority : Normal
FileVersion : 3.0.0.4342
ProductVersion : 7.0.0.4342
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:21 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 1816
ThreadCreationTime : 11-23-2006 6:04:55 PM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:22 [mmtask.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 1828
ThreadCreationTime : 11-23-2006 6:04:55 PM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:23 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1852
ThreadCreationTime : 11-23-2006 6:04:57 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:24 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\
ProcessID : 1892
ThreadCreationTime : 11-23-2006 6:04:59 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:25 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_03\bin\
ProcessID : 1976
ThreadCreationTime : 11-23-2006 6:05:01 PM
BasePriority : Normal


#:26 [aolhostmanager.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 116
ThreadCreationTime : 11-23-2006 6:05:02 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:27 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 200
ThreadCreationTime : 11-23-2006 6:05:03 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:28 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 220
ThreadCreationTime : 11-23-2006 6:05:03 PM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:29 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 344
ThreadCreationTime : 11-23-2006 6:05:08 PM
BasePriority : Normal
FileVersion : 7.0.1.8
ProductVersion : 7.0.1.8
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1560
ThreadCreationTime : 11-23-2006 6:05:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1796
ThreadCreationTime : 11-23-2006 6:05:22 PM
BasePriority : Normal
FileVersion : 7.0.1.8
ProductVersion : 7.0.1.8
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:32 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2056
ThreadCreationTime : 11-23-2006 6:05:23 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:33 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 2332
ThreadCreationTime : 11-23-2006 6:05:41 PM
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:34 [belkinwlanmonitor.exe]
FilePath : C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\
ProcessID : 2372
ThreadCreationTime : 11-23-2006 6:05:47 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Belkin 11Mbps USB Wireless Network Adapter
CompanyName : Belkin Corporation
FileDescription : Belkin 11Mbps USB Wireless Network Monitor Utility
InternalName : BelkinWLANMonitor
LegalCopyright : Copyright © 2003 Belkin Corporation
OriginalFilename : BelkinWLANMonitor.EXE
Comments : Base on SDK 3423

#:35 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 2384
ThreadCreationTime : 11-23-2006 6:05:48 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:36 [googleupdater.exe]
FilePath : C:\Program Files\Google\Google Updater\
ProcessID : 2396
ThreadCreationTime : 11-23-2006 6:05:50 PM
BasePriority : Normal
FileVersion : 1.4.660.29079.beta
ProductVersion : 1.4.660.29079.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : Google Updater
InternalName : Google Updater
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdater.exe
Comments : Google Updater

#:37 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2980
ThreadCreationTime : 11-23-2006 6:11:58 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:38 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3460
ThreadCreationTime : 11-23-2006 6:32:35 PM
BasePriority : Normal


#:39 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3484
ThreadCreationTime : 11-23-2006 6:32:35 PM
BasePriority : High


#:40 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1492
ThreadCreationTime : 11-23-2006 6:32:45 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:41 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2972
ThreadCreationTime : 11-23-2006 6:32:54 PM
BasePriority : Normal
FileVersion : 3.0.0.4342
ProductVersion : 7.0.0.4342
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:42 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 2356
ThreadCreationTime : 11-23-2006 6:32:55 PM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:43 [mmtask.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 3120
ThreadCreationTime : 11-23-2006 6:32:55 PM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:44 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3280
ThreadCreationTime : 11-23-2006 6:32:57 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:45 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\
ProcessID : 1432
ThreadCreationTime : 11-23-2006 6:32:58 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:46 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_03\bin\
ProcessID : 3528
ThreadCreationTime : 11-23-2006 6:32:58 PM
BasePriority : Normal


#:47 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 3536
ThreadCreationTime : 11-23-2006 6:32:59 PM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:48 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3608
ThreadCreationTime : 11-23-2006 6:33:00 PM
BasePriority : Normal
FileVersion : 7.0.1.8
ProductVersion : 7.0.1.8
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:49 [aolhostmanager.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 1472
ThreadCreationTime : 11-23-2006 6:33:01 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:50 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 3772
ThreadCreationTime : 11-23-2006 6:33:02 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:51 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2712
ThreadCreationTime : 11-23-2006 6:33:11 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:52 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 2340
ThreadCreationTime : 11-23-2006 6:33:27 PM
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:53 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 1280
ThreadCreationTime : 11-23-2006 6:33:28 PM
BasePriority : Normal
FileVersion : 5.9.6089
ProductVersion : 5.9.6089
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2006 America Online, Inc.
OriginalFilename : AIM.EXE

#:54 [belkinwlanmonitor.exe]
FilePath : C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\
ProcessID : 3164
ThreadCreationTime : 11-23-2006 6:33:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Belkin 11Mbps USB Wireless Network Adapter
CompanyName : Belkin Corporation
FileDescription : Belkin 11Mbps USB Wireless Network Monitor Utility
InternalName : BelkinWLANMonitor
LegalCopyright : Copyright © 2003 Belkin Corporation
OriginalFilename : BelkinWLANMonitor.EXE
Comments : Base on SDK 3423

#:55 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 3188
ThreadCreationTime : 11-23-2006 6:33:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:56 [limewire.exe]
FilePath : C:\Program Files\LimeWire\
ProcessID : 3308
ThreadCreationTime : 11-23-2006 6:33:35 PM
BasePriority : Normal


#:57 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 3784
ThreadCreationTime : 11-24-2006 5:11:23 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:58 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1844
ThreadCreationTime : 11-24-2006 8:56:14 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AdDestroyer Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\vb and vba program settings\addestroyer

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hminlzz2ym5hx3rk4irx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : a4ix

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : alk3hm

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : 4irx2y4mnrk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hrl4nyirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hr8g8kmi4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hrhrirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hrhrirlx2j25s

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hrjy3ralsr4xz

VirtualBouncer Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\vb and vba program settings\vbouncer

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\aurora

Adware.Websearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Adware
Comment : "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\toolbar\urlsearchhooks
Value : {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\lq
Value : AC

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{339BB23F-A864-48C0-A59F-29EA915965EC}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\microsoft\internet explorer\toolbar\webbrowser
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 16


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-2482556158-367380603-2490717038-1009\Software\Microsoft\Internet ExplorerSearchURLsearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
TAC Rating : 5
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\Software\Microsoft\Internet Explorer
Value : SearchURL
Data : "http://searchmiracle.com/sp.php"
<STOP>
4:05:16 PM Scan stopped by user

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:15.328
Objects scanned:83662
Objects identified:17
Objects ignored:0
New critical objects:17


I successfully quarantined the files. I will run a Panda virus check next and send you the Panda and new HJT log next.



