Please Help!


This topic is locked
20 replies to this topic

#1 frusician
  • Members
  • 10 posts

Posted 14 December 2006 - 02:30 PM

My computer has been running very slowly, and I keep getting messages from my virus scanner that I'm infected with multiple viruses. I've just used HJT to delete some malware, syspools.exe and taskdir.exe. I regularly run Ad-Aware and I still get infected. Also, I recently started getting error messages when I open Internet Explorer saying "buffer overrun error", but these have stopped over the last couple of days.

Here's my HJT log; anything suspect?

Logfile of HijackThis v1.99.1
Scan saved at 19:17:15, on 14/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\IDispChg.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\o6UAE8L.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\se.exe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://wwwcache.bris.ac.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - C:\WINDOWS\system32\IDispChg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thank you very much for any help you can give!
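Since the question is "anything suspect?", here is a small triage script added as a worked example; it is not from this thread, from HijackThis, or from any of the posters. It parses a HijackThis 1.99 log into the running-process list and the numbered entries, then applies four first-pass heuristics. The heuristics, the `Finding` record and the `triage()` function are the editor's own assumptions about what an analyst checks first, not rules HijackThis applies; the sample log is a constructed subset of lines copied from the log above. On that sample it flags o6UAE8L.exe (a random-looking name that the AVG scan later in the thread labels Downloader.Small.dam), se.exe.exe (doubled extension), the StopSign BHO marked "(file missing)", and the nordsys.exe and syspools.exe Run entries whose programs are not in the process list, syspools.exe being the file the poster has already identified as malware.

```python
"""Triage helper for a HijackThis 1.99 log.

Added example for this thread; it is not part of HijackThis or of any
post above. The four heuristics below are the editor's assumptions about
what an analyst looks for first, not rules HijackThis itself applies:

  random-looking-name          7-character alphanumeric .exe names that mix
                               letters and digits (o6UAE8L.exe in the log)
  double-extension             file names with more than one ".exe"
  file-missing                 entries HijackThis marks "(file missing)"
  system32-autorun-not-running O4 Run entries pointing into system32 whose
                               program is absent from the process list
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # which heuristic fired
    path: str   # the file or entry it fired on
    line: str   # the original log line, for the report


# Constructed sample: a handful of lines copied from the log in post #1.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\o6UAE8L.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\se.exe.exe
C:\Program Files\iTunes\iTunesHelper.exe

O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^[A-Z]\d+ - ")
RUN_ENTRY = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_IN_CMD = re.compile(r'^"?(?P<exe>.*?\.exe)', re.IGNORECASE)
# exactly 7 alphanumerics before .exe, with at least one digit and one letter
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{7}\.exe$", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def parse(log_text: str):
    """Split the log into the running-process paths and the numbered entries."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False      # a blank line ends the process list
            continue
        if ENTRY.match(line):
            entries.append(line)
    return processes, entries


def triage(log_text: str) -> list:
    """Return one Finding per heuristic hit; a hit is a prompt for review, not a verdict."""
    processes, entries = parse(log_text)
    running = {basename(p).lower() for p in processes}
    findings = []

    for proc in processes:
        name = basename(proc)
        if RANDOM_NAME.match(name):
            findings.append(Finding("random-looking-name", proc, proc))
        if name.lower().count(".exe") > 1:
            findings.append(Finding("double-extension", proc, proc))

    for entry in entries:
        if "(file missing)" in entry:
            target = entry.split(" - ")[-1].replace(" (file missing)", "")
            findings.append(Finding("file-missing", target, entry))
        run = RUN_ENTRY.match(entry)
        if not run:
            continue
        exe = EXE_IN_CMD.match(run.group("cmd"))
        if not exe:
            continue                       # no .exe in the command; nothing to resolve
        target = exe.group("exe")
        if "\\system32\\" in target.lower() and basename(target).lower() not in running:
            findings.append(Finding("system32-autorun-not-running", target, entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:30} {f.path}")
```

Every hit is a prompt for manual review, not a verdict: plenty of OEM utilities in this log run from system32 under short names, which is why the random-name rule demands both letters and digits, and why a Run entry is only flagged when its program is absent from the process list. Run entries given as bare names (TFNF5.exe, NDSTray.exe) carry no path, so the script does not try to guess where they live.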


#2 MFDnSC
  • Ret. Director I/T
  • Members
  • 4,310 posts

Posted 14 December 2006 - 05:18 PM

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We'll get to them in the next step.
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
====================================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
     • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
     • Select "Automatically generate report after every scan"
     • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 frusician
  • Topic Starter
  • Members
  • 10 posts

Posted 15 December 2006 - 10:55 AM

Thanks for the quick response.

I've already tried SmitFraudFix, as I've used it to get rid of malware in the past. It doesn't seem to be helping this time, though. Here's my log anyway:

SmitFraudFix v2.104

Scan done at 15:49:17.71, 15/12/2006
Run from C:\Documents and Settings\Stuart Byrne\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\taskdir.exe FOUND !
C:\WINDOWS\system32\zlbw.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Stuart Byrne


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Stuart Byrne\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STUART~1\FAVORI~1

#4 MFDnSC
  • Ret. Director I/T
  • Members
  • 4,310 posts

Posted 15 December 2006 - 11:42 AM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.


============================================

Be sure to run AVG AS and post a new hijack log in addition to the smitfraud log.

Edited by MFDnSC, 15 December 2006 - 11:43 AM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 frusician
  • Topic Starter
  • Members
  • 10 posts

Posted 16 December 2006 - 10:05 AM

AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:22:09 16/12/2006

+ Scan result:



C:\WINDOWS\system32\win32hp.dll -> Adware.BHO : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{87185E78-A61B-4DB3-965A-3235BBD7A622} -> Adware.Generic : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87185E78-A61B-4DB3-965A-3235BBD7A622} -> Adware.Generic : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : No action taken.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-59D4-4008-9058-080011001200} -> Adware.TitanShieldAntispyware : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000} -> Adware.TitanShieldAntispyware : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-F09C-02B4-6EC2-AD0300000000} -> Adware.TitanShieldAntispyware : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} -> Adware.TitanShieldAntispyware : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B55BB05-0B4D-44FD-81A6-B136188F5DEB} -> Adware.TitanShieldAntispyware : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8333C319-0669-4893-A418-F56D9249FCA6} -> Adware.TitanShieldAntispyware : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Adware.TitanShieldAntispyware : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Adware.TitanShieldAntispyware : No action taken.
HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFD2825E-0785-40C5-9A41-518F53A8261F} -> Adware.TitanShieldAntispyware : No action taken.
C:\Documents and Settings\Stuart Byrne\ROaQGWu.exe -> Downloader.Small.dam : No action taken.
C:\Documents and Settings\Stuart Byrne\RiT5Cq5.exe -> Downloader.Small.dam : No action taken.
C:\Documents and Settings\Stuart Byrne\r5m6I54.exe -> Downloader.Small.dam : No action taken.
C:\Documents and Settings\Stuart Byrne\tpMX1I4.exe -> Downloader.Small.dam : No action taken.
C:\Documents and Settings\Stuart Byrne\vlVm6SU.exe -> Downloader.Small.dam : No action taken.
C:\Program Files\Network Associates\Common Framework\s3Un287.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\HRxf8O3.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\I71772Q.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\ONw88h5.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\V7PA34i.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\VHv5f36.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\WksB7Pm.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\a7SnIE4.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\dcpabbct.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\doSC1U3.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\i12Q0H5.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\kcJ7ibW.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\ns7xoL7.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\o6NknO3.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\o6UAE8L.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\r5AKlc1.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\wePk7q6.exe -> Downloader.Small.dam : No action taken.
C:\WINDOWS\system32\yaahgdxt.exe -> Downloader.Tibs.ir : No action taken.
C:\WINDOWS\system32\gomisjvx.exe -> Downloader.VB.afk : No action taken.
C:\WINDOWS\system32\0.4488947.exe -> Downloader.VB.ajv : No action taken.
C:\WINDOWS\system32\amanhnmh.exe -> Downloader.VB.anw : No action taken.
C:\WINDOWS\system32\tbckmsld.exe -> Downloader.VB.anw : No action taken.
:mozilla.294:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.139:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.284:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.285:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.286:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.287:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.288:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.300:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.303:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.305:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.77:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@gettyimages.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@phones4ultd.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@sento.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@sungarddatasystemsinc.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.
:mozilla.295:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.296:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.297:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.298:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.306:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@adrevolver[4].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@netli.media.adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.309:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.310:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
:mozilla.262:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.263:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.264:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.265:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.266:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.271:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Adviva : No action taken.
:mozilla.255:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.241:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Stuart Byrne\Local Settings\Temp\Cookies\stuart byrne@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.260:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.261:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Stuart Byrne\Local Settings\Temp\Cookies\stuart byrne@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.224:C:\Documents and Settings\Stuart Byrne\Application Data\Mozilla\Firefox\Profiles\tmy4d7za.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@cz2.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Stuart Byrne\Cookies\stuart byrne@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\WINDOWS\system32\cbzqasqp.cce -> Trojan.Agent.qe : No action taken.
C:\WINDOWS\system32\gqephvft.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\system32\1310.exe -> Trojan.Regger.s : No action taken.
C:\WINDOWS\system32\kqcmzddv.exe -> Trojan.Small : No action taken.
Smitfraud Log:

SmitFraudFix v2.104

Scan done at 14:24:02.40, 16/12/2006
Run from C:\Documents and Settings\Stuart Byrne\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\taskdir.exe Deleted
C:\WINDOWS\system32\zlbw.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 14:59:48, on 16/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\IDispChg.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\se.exe.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://wwwcache.bris.ac.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - C:\WINDOWS\system32\IDispChg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 MFDnSC (Ret. Director I/T, Members, 4,310 posts)

Posted 16 December 2006 - 10:45 AM

Please click here http://www.majorgeeks.com/Sun_Java_Runtime...ment_d4648.html to download the latest version of JAVA. Install the application, then go to the Add/Remove Programs options in the Control Panel and remove ALL previous versions of JAVA.

==================
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)

O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe

O4 - HKCU\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe

O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe

O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe

Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\se.exe.exe
C:\WINDOWS\system32\syspools.exe
C:\WINDOWS\system32\taskdir.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 frusician (Topic Starter, Members, 10 posts)

Posted 16 December 2006 - 01:12 PM

Thanks for the help. I did everything that you said, and it worked fine. All the files existed when I used Killbox on them. My system is still running extremely slowly upon startup, but speeds up a bit after a while. I get messages from a virus scanner saying syspools.exe is still there, and I saw that taskdir.exe was present when I opened up Task Manager, so I clicked 'End Process' on it. My virus scanner also lists several other malware/trojans. I really want to get my computer running properly again!

Here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 18:01:25, on 16/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\IDispChg.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://wwwcache.bris.ac.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - C:\WINDOWS\system32\IDispChg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8 MFDnSC

Posted 16 December 2006 - 02:52 PM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for Free / Download the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 frusician

Posted 17 December 2006 - 09:41 AM

Summary Log:

14:27: Removal process completed. Elapsed time 00:02:50
14:27: A reboot was suggested but declined.
14:27: Quarantining All Traces: xiti cookie
14:27: Quarantining All Traces: ugo cookie
14:27: Quarantining All Traces: tribalfusion cookie
14:27: Quarantining All Traces: tradedoubler cookie
14:27: Quarantining All Traces: dealtime cookie
14:27: Quarantining All Traces: serving-sys cookie
14:27: Quarantining All Traces: techtarget cookie
14:27: Quarantining All Traces: revenue.net cookie
14:27: Quarantining All Traces: realmedia cookie
14:27: Quarantining All Traces: questionmarket cookie
14:27: Quarantining All Traces: passion cookie
14:27: Quarantining All Traces: partypoker cookie
14:27: Quarantining All Traces: 2o7.net cookie
14:27: Quarantining All Traces: mediaplex cookie
14:27: Quarantining All Traces: webtrends cookie
14:27: Quarantining All Traces: kinghost cookie
14:27: Quarantining All Traces: fe.lea.lycos.com cookie
14:27: Quarantining All Traces: touchclarity cookie
14:27: Quarantining All Traces: directtrack cookie
14:27: Quarantining All Traces: ccbill cookie
14:27: Quarantining All Traces: casalemedia cookie
14:27: Quarantining All Traces: bs.serving-sys cookie
14:27: Quarantining All Traces: bizrate cookie
14:27: Quarantining All Traces: a cookie
14:27: Quarantining All Traces: atwola cookie
14:27: Quarantining All Traces: atlas dmt cookie
14:27: Quarantining All Traces: ask cookie
14:27: Quarantining All Traces: apmebf cookie
14:27: Quarantining All Traces: associated new media cookie
14:27: Quarantining All Traces: advertising cookie
14:27: Quarantining All Traces: adtech cookie
14:27: Quarantining All Traces: adrevolver cookie
14:27: Quarantining All Traces: hbmediapro cookie
14:27: Quarantining All Traces: yieldmanager cookie
14:27: Quarantining All Traces: websponsors cookie
14:27: Quarantining All Traces: 888 cookie
14:27: Quarantining All Traces: 123count cookie
14:27: Quarantining All Traces: antispyware soldier fakealert
14:26: Quarantining All Traces: trojan-nuwar
14:26: Quarantining All Traces: trojan-backdoor-securemulti
14:24: Removal process initiated
14:23: Traces Found: 82
14:23: Custom Sweep has completed. Elapsed time 01:26:25
14:23: File Sweep Complete, Elapsed Time: 01:11:34
14:22: The Internet Communication shield has blocked access to: 81.177.26.20
14:20: The Internet Communication shield has blocked access to: 81.177.26.21
14:20: The Internet Communication shield has blocked access to: 81.177.26.20
14:20: The Internet Communication shield has blocked access to: 217.107.217.177
14:17: The Internet Communication shield has blocked access to: 81.177.26.21
14:10: Warning: Failed to access drive D:
14:09: Warning: Failed to open file "c:\documents and settings\stuart byrne\cookies\stuart byrne@questionmarket[2].txt". The operation completed successfully
14:05: C:\WINDOWS\system32\google.png.exe (ID = 418741)
14:05: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || taskdir (ID = 0)
14:05: HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Run || taskdir (ID = 0)
14:05: C:\WINDOWS\system32\taskdir.exe (ID = 390583)
14:05: C:\WINDOWS\system32\w.exe.exe (ID = 418728)
14:05: C:\Documents and Settings\Stuart Byrne\Waol1˙1.exe (ID = 418173)
14:05: C:\WINDOWS\system32\JV0DC4m.exe (ID = 418173)
14:05: C:\WINDOWS\system32\fE6e1Pa.exe (ID = 418173)
14:05: The Internet Communication shield has blocked access to: 81.177.26.21
14:05: The Internet Communication shield has blocked access to: 81.177.26.20
14:05: The Internet Communication shield has blocked access to: 217.107.217.177
14:05: C:\WINDOWS\system32\se.exe.exe (ID = 418731)
14:04: C:\WINDOWS\system32\intr32.dll (ID = 414171)
14:04: C:\WINDOWS\system32\nordsys.exe (ID = 413314)
13:54: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\18UGQXV8\w[1].exe (ID = 418730)
13:53: The Internet Communication shield has blocked access to: 81.177.26.21
13:53: The Internet Communication shield has blocked access to: 81.177.26.21
13:53: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K0J8OGBX\se[1].exe (ID = 418727)
13:52: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UV8I4KXY\ss[1].exe (ID = 418726)
13:52: The Internet Communication shield has blocked access to: 81.177.26.20
13:50: The Internet Communication shield has blocked access to: 81.177.26.21
13:50: The Internet Communication shield has blocked access to: 81.177.26.20
13:50: The Internet Communication shield has blocked access to: 217.107.217.177
13:46: C:\Documents and Settings\Stuart Byrne\Local Settings\Temporary Internet Files\Content.IE5\E1GNEPI5\w[1].exe (ID = 418730)
13:46: C:\Documents and Settings\Stuart Byrne\Local Settings\Temporary Internet Files\Content.IE5\KXSJ0FGZ\se[1].exe (ID = 418727)
13:45: C:\Documents and Settings\Stuart Byrne\Local Settings\Temporary Internet Files\Content.IE5\KXOH6RGP\ss[1].exe (ID = 418726)
13:43: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVKXMB01\w[1].exe (ID = 418730)
13:43: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U7W3MZOV\se[1].exe (ID = 418727)
13:43: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4N61Q3SN\ss[1].exe (ID = 418726)
13:43: C:\Documents and Settings\Stuart Byrne\Local Settings\Temporary Internet Files\Content.IE5\KTE3KPA7\ss[1].exe (ID = 418726)
13:42: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CPQ3KXA7\w[1].exe (ID = 418730)
13:41: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0PIVOXAZ\se[1].exe (ID = 418727)
13:41: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WLYB4T2J\ss[1].exe (ID = 418726)
13:40: C:\WINDOWS\system32\w.exe (ID = 418729)
13:35: The Internet Communication shield has blocked access to: 81.177.26.21
13:35: The Internet Communication shield has blocked access to: 81.177.26.20
13:35: The Internet Communication shield has blocked access to: 217.107.217.177
13:28: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
13:26: The Internet Communication shield has blocked access to: 81.177.26.21
13:26: The Internet Communication shield has blocked access to: 81.177.26.21
13:22: The Internet Communication shield has blocked access to: 81.177.26.20
13:20: The Internet Communication shield has blocked access to: 81.177.26.21
13:20: The Internet Communication shield has blocked access to: 81.177.26.20
13:20: The Internet Communication shield has blocked access to: 217.107.217.177
13:12: Starting File Sweep
13:12: Cookie Sweep Complete, Elapsed Time: 00:00:03
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@yieldmanager[1].txt (ID = 3749)
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@xiti[1].txt (ID = 3717)
13:12: Found Spy Cookie: xiti cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@ugo[1].txt (ID = 3608)
13:12: Found Spy Cookie: ugo cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@tribalfusion[2].txt (ID = 3589)
13:12: Found Spy Cookie: tribalfusion cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@tradedoubler[2].txt (ID = 3575)
13:12: Found Spy Cookie: tradedoubler cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@stat.dealtime[2].txt (ID = 2506)
13:12: Found Spy Cookie: dealtime cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@serving-sys[1].txt (ID = 3343)
13:12: Found Spy Cookie: serving-sys cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@searchsmb.techtarget[1].txt (ID = 3500)
13:12: Found Spy Cookie: techtarget cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@revenue[2].txt (ID = 3257)
13:12: Found Spy Cookie: revenue.net cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@realmedia[1].txt (ID = 3235)
13:12: Found Spy Cookie: realmedia cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@rapidresponse.directtrack[2].txt (ID = 2528)
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@questionmarket[2].txt (ID = 3217)
13:12: Found Spy Cookie: questionmarket cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@passion[2].txt (ID = 3113)
13:12: Found Spy Cookie: passion cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@partypoker[1].txt (ID = 3111)
13:12: Found Spy Cookie: partypoker cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@msnportal.112.2o7[2].txt (ID = 1958)
13:12: Found Spy Cookie: 2o7.net cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@mediaplex[2].txt (ID = 6442)
13:12: Found Spy Cookie: mediaplex cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@m.webtrends[1].txt (ID = 3669)
13:12: Found Spy Cookie: webtrends cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@lastminute.touchclarity[1].txt (ID = 3566)
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@kinghost[2].txt (ID = 2903)
13:12: Found Spy Cookie: kinghost cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@fe.lea.lycos[1].txt (ID = 2660)
13:12: Found Spy Cookie: fe.lea.lycos.com cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@easyjet.touchclarity[1].txt (ID = 3566)
13:12: Found Spy Cookie: touchclarity cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@directtrack[1].txt (ID = 2527)
13:12: Found Spy Cookie: directtrack cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@ccbill[1].txt (ID = 2369)
13:12: Found Spy Cookie: ccbill cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@casalemedia[2].txt (ID = 2354)
13:12: Found Spy Cookie: casalemedia cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@bs.serving-sys[1].txt (ID = 2330)
13:12: Found Spy Cookie: bs.serving-sys cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@bizrate[1].txt (ID = 2308)
13:12: Found Spy Cookie: bizrate cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@a[1].txt (ID = 2027)
13:12: Found Spy Cookie: a cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@atwola[1].txt (ID = 2255)
13:12: Found Spy Cookie: atwola cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@atdmt[2].txt (ID = 2253)
13:12: Found Spy Cookie: atlas dmt cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@ask[1].txt (ID = 2245)
13:12: Found Spy Cookie: ask cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@apmebf[1].txt (ID = 2229)
13:12: Found Spy Cookie: apmebf cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@anm.co[1].txt (ID = 2223)
13:12: Found Spy Cookie: associated new media cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@advertising[2].txt (ID = 2175)
13:12: Found Spy Cookie: advertising cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@adtech[2].txt (ID = 2155)
13:12: Found Spy Cookie: adtech cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@adrevolver[4].txt (ID = 2088)
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@adrevolver[3].txt (ID = 2088)
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@adrevolver[1].txt (ID = 2088)
13:12: Found Spy Cookie: adrevolver cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@adopt.hbmediapro[2].txt (ID = 2768)
13:12: Found Spy Cookie: hbmediapro cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@ad.yieldmanager[2].txt (ID = 3751)
13:12: Found Spy Cookie: yieldmanager cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@a.websponsors[2].txt (ID = 3665)
13:12: Found Spy Cookie: websponsors cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@888[1].txt (ID = 2019)
13:12: Found Spy Cookie: 888 cookie
13:12: c:\documents and settings\stuart byrne\cookies\stuart byrne@123count[2].txt (ID = 1927)
13:12: Found Spy Cookie: 123count cookie
13:12: Starting Cookie Sweep
13:12: Registry Sweep Complete, Elapsed Time:00:01:10
13:12: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || system spool (ID = 1883870)
13:11: HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\software\microsoft\windows\currentversion\run\ || system spool (ID = 1883870)
13:11: HKLM\software\microsoft\windows\currentversion\run\ || system spool (ID = 1883871)
13:11: Found Trojan Horse: trojan-nuwar
13:11: HKLM\software\classes\typelib\{8abd1f36-e756-48ad-91b0-22bcd833c2d6}\ (ID = 1880627)
13:11: HKLM\software\classes\clsid\{a9bcd13d-4610-476f-b3cf-3bebb37b6e1c}\ (ID = 1880613)
13:11: HKCR\typelib\{8abd1f36-e756-48ad-91b0-22bcd833c2d6}\ (ID = 1880602)
13:11: HKCR\clsid\{a9bcd13d-4610-476f-b3cf-3bebb37b6e1c}\ (ID = 1880588)
13:11: HKLM\software\classes\wininettransfer.clsinternettransfer\ (ID = 1878814)
13:11: HKCR\wininettransfer.clsinternettransfer\ (ID = 1878786)
13:11: Found Adware: antispyware soldier fakealert
13:10: Starting Registry Sweep
13:10: Memory Sweep Complete, Elapsed Time: 00:13:03
13:07: The Internet Communication shield has blocked access to: 81.177.26.21
13:07: The Internet Communication shield has blocked access to: 81.177.26.21
13:05: The Internet Communication shield has blocked access to: 81.177.26.21
13:05: The Internet Communication shield has blocked access to: 81.177.26.20
13:05: The Internet Communication shield has blocked access to: 217.107.217.177
13:04: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || taskdir (ID = 0)
13:04: HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\Software\Microsoft\Windows\CurrentVersion\Run || taskdir (ID = 0)
13:04: Detected running threat: C:\WINDOWS\system32\taskdir.exe (ID = 390583)
12:57: Starting Memory Sweep
12:57: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || taskdir (ID = 1220571)
12:57: C:\WINDOWS\system32\taskdir.exe (ID = 1220571)
12:57: HKU\S-1-5-21-2656477521-1571662380-1376277974-1006\software\microsoft\windows\currentversion\run\ || taskdir (ID = 1220571)
12:57: Found Trojan Horse: trojan-backdoor-securemulti
12:57: Start Custom Sweep
12:57: Sweep initiated using definitions version 823
12:57: Spy Sweeper 5.2.3.2138 started
12:57: | Start of Session, 17 December 2006 |
********
12:57: | End of Session, 17 December 2006 |
12:51: The Internet Communication shield has blocked access to: 81.177.26.20
12:50: The Internet Communication shield has blocked access to: 81.177.26.21
12:50: The Internet Communication shield has blocked access to: 217.107.217.177
12:50: The Internet Communication shield has blocked access to: 81.177.26.20
12:42: The Internet Communication shield has blocked access to: 81.177.26.21
12:38: The Internet Communication shield has blocked access to: 81.177.26.21
12:38: The Internet Communication shield has blocked access to: 81.177.26.21
12:36: The Internet Communication shield has blocked access to: 217.107.217.177
12:36: The Internet Communication shield has blocked access to: 81.177.26.20
12:36: The Internet Communication shield has blocked access to: SEARCHPORTAL.INFORMATION.COM
12:35: The Internet Communication shield has blocked access to: SEARCHPORTAL.INFORMATION.COM
12:35: The Internet Communication shield has blocked access to: 81.177.26.21
12:33: The Internet Communication shield has blocked access to: 81.177.26.21
12:29: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
12:29: Your spyware definitions have been updated.
12:28: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
Operation: File Access
Target:
Source: C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\MCSHIELD.EXE
12:26: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:23: Shield States
12:22: Spyware Definitions: 816
12:22: Warning: Virus definitions files are invalid, please update your virus definitions. 220
12:20: Spy Sweeper 5.2.3.2138 started
12:20: Spy Sweeper 5.2.3.2138 started
12:20: | Start of Session, 17 December 2006 |
********


New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 14:36:28, on 17/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\IDispChg.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://wwwcache.bris.ac.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] "C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - C:\WINDOWS\system32\IDispChg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#10 MFDnSC

Posted 17 December 2006 - 11:17 AM

Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

#11 frusician

Posted 17 December 2006 - 12:13 PM

Thank you. I did everything you said. Not sure if I'm completely clean though. When I reboot I see this:

Posted Image

syspools.exe is still there, and some others by the look of things. Any ideas? Computer does seem to be running a bit better though.

#12 MFDnSC

Posted 17 December 2006 - 01:25 PM

See if this will get it - I thought SpySweeper had

http://info.prevx.com/downloadremove.asp?m...al.Code.Exploit

#13 frusician

Posted 17 December 2006 - 02:39 PM

Should I do it in safe mode or not?

#14 MFDnSC

Posted 17 December 2006 - 02:42 PM

Normal is fine.

#15 frusician

Posted 18 December 2006 - 11:10 AM

I ran it, and it found over 3000 malware! Here's my new HJT log, hopefully I'm clean now.

Logfile of HijackThis v1.99.1
Scan saved at 15:55:35, on 18/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\IDispChg.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://wwwcache.bris.ac.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] "C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [system spool] C:\WINDOWS\system32\syspools.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - C:\WINDOWS\system32\IDispChg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


My computer still takes ages to boot up though; I think this might be partly to do with all my new anti-spyware software starting up at the same time! Shall I delete some of them? Do you have any other tips on how to make my system run faster?

