Backdoor.haxdoor


16 replies to this topic

#1 Sterl902

Sterl902

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 20 March 2007 - 08:54 PM

The past few days I have been receiving a message repeatedly from Norton that I have the backdoor.haxdoor virus, but it can't delete the infected file(s). I went to the Norton website, searched for backdoor.haxdoor and tried using the removal tool on their website, but it said that there was no virus on the computer. I also have run the computer in safe mode several times and run several virus scans, only one of which located the virus and claimed to have deleted it. However, the very next morning, I got another pop-up from Norton saying I still had the virus.

I have been to several websites and run several scans (Norton, Ad-ware, Spybot) and nothing has removed this virus.

Here is my log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 9:43:13 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C974836-F1D9-FA70-8C2D-AB7F651784ED} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/043df3d8342288...ip/RdxIE601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://128.175.60.37/cam/AxisCamControl.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Network Log (Windows Network Log Manage) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe



#2 Sterl902

Sterl902
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 21 March 2007 - 08:31 AM

bump!

#3 Sterl902

Sterl902
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 21 March 2007 - 02:22 PM

help

#4 Sterl902

Sterl902
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 22 March 2007 - 01:38 PM

still no help?

#5 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:11 PM

Posted 23 March 2007 - 09:52 PM

Please launch Notepad, (Start > Run, type in: notepad)
Copy/paste all the blue text below to it

@echo off
sc stop "Windows Network Log Manage"
sc delete "Windows Network Log Manage"


In Notepad, go to File (upper menu bar), and select: Save as
In the Save as prompt:
Save in: Desktop
File Name: sc.bat
Save as Type: All files
Click: Save
Exit out of Notepad.

Next, on the Desktop, double click on sc.bat

~~~~
Run HijackThis, Scan
Check box for:

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {6C974836-F1D9-FA70-8C2D-AB7F651784ED} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab

Select: Fix checked

~~~~
Now, download HaxFix.exe
Save it to the Desktop.
  • Double click on haxfix.exe to install.
  • Check: "Create a desktop icon"
  • Click: "Next"
  • When the installation is completed, make sure "Launch HaxFix" is checked.
  • Click "Finish"
A red "DOS window" opens with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix starts scanning the computer.
  • When finished, a logfile opens: haxlog.txt
  • Please copy the contents of the logfile and provide them in your reply. (c:\haxfix.txt)
Please post the contents of haxfix.txt along with a new HijackThis log.

Old duck...


#6 Sterl902

Sterl902
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 24 March 2007 - 09:10 PM

HAXFIX logfile - by Marckie

version 4.39
Sat 03/24/2007 22:02:55.04

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
Aspi32
CmBatt

checking for matching safeboot services
no matching safeboot services found

checking for other Haxdoor-files
no other Haxdoor-files found


--- Checking for Goldun ---


checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for other Goldun-files
no other Goldun-files found

checking iexplore.exe
iexplore.exe is not infected


Finished!

----------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:57:18 PM, on 3/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C974836-F1D9-FA70-8C2D-AB7F651784ED} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/043df3d8342288...ip/RdxIE601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://128.175.60.37/cam/AxisCamControl.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Network Log (Windows Network Log Manage) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe

#7 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:11 PM

Posted 24 March 2007 - 09:23 PM

Please go back to HaxFix
Double click: fix.bat

Select Option 2, Run auto fix by typing 2 and then pressing Enter
If the malware is found, a message to close all other open windows appears.

Close all open windows except the red DOS window from HaxFix
Press Enter
The computer reboots
After rebooting, a logfile opens: C:\haxfix.txt
Please post the contents of C:\haxfix.txt along with a new HijackThis log.

Old duck...


#8 Sterl902

Sterl902
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 24 March 2007 - 09:40 PM

HaxFix says no infections are found

#9 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:11 PM

Posted 24 March 2007 - 09:56 PM

Please download AVG Anti-Spyware:
http://www.ewido.net/en/download/
Locate the icon on the Desktop and double-click it to launch the program.

Now, update the definition files:
On the main screen select Update, and then select the Update Now link.
Next, select the Start Update button
(The update starts and a progress bar shows the updates installed.)

Once the update completes select: Scanner (the top of the screen)
Select the Settings tab
Once in the Settings screen click on: Recommended actions
Select: Quarantine
Under: Reports, select: Automatically generate report after every scan
Un-Select: Only if threats were found
Close AVG AS for now.

~~~~
Click Start > Run and type in: services.msc
Click OK
In the Services window find: Windows Network Log
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

~~~~
Now, run HijackThis, Scan
Check box for:

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {6C974836-F1D9-FA70-8C2D-AB7F651784ED} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab

O23 - Service: Windows Network Log (Windows Network Log Manage) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe

Select: Fix checked

~~~~
Reboot to Safe Mode:
-Restart your computer.
-When the machine first starts again, tap the F8 key before Windows starts
-You are presented with a Windows XP Advanced Options menu.
-Select the option for Safe Mode using the arrow keys.
-Press Enter to boot into Safe Mode.
~~~~
Search for and remove the following file (bold):
C:\windows\system32\lsakhcah.dll
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe

~~~~
Go to Start > Control Panel > Internet Options
In the General tab, Temporary Internet Files, click: Delete Files
When prompted, check: Delete all offline content
You can also check: Delete Cookies
(You will have to re-enter passwords at websites that require them.)
Click OK

Then, go to Start > Run and enter: cleanmgr
Select the drive to clean: C:\
Check the following boxes and then press OK to remove:
Temporary Files
Temporary Internet Files
RecycleBin

Agree to the prompt to perform the action...

~~~~
Still in Safe Mode, launch AVG AS once again
Select: Scanner (at the top)
Select the Scan tab
Click on: Complete System Scan
AVG AS begins the scanning process, and it may take a while.
Please do not open any other windows or programs while AVG AS is scanning; it may interfere with the scanning process!!

Once the scan is complete, AVG AS lists any infections found.
It also automatically sets the recommended action.
Click: Apply all actions
AVG AS will then display: All actions have been applied

Next select: Reports (at the top)
Select: Save report as (lower left of the screen)
Save the report to a text file in a location where you can find it!
Close AVG AS.

~~~~
Restart the computer.

~~~~
Please provide the following:
The AVG AS report, and a new HijackThis log.

Old duck...
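
The following is an added example, not part of any post in this thread and not how HijackThis or HaxFix work internally. It is a small Python triage pass over HijackThis lines that picks out two of the patterns selected for fixing above: O2/O3/O9 entries whose target is "(no file)", and O23 services reported with "Unknown owner". The names `Finding`, `triage`, `parse_service` and `VENDOR_DIRS`, the priority labels, and the rule that an unknown-owner binary under a Microsoft or Windows directory deserves a closer look are assumptions made for this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {6C974836-F1D9-FA70-8C2D-AB7F651784ED} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Network Log (Windows Network Log Manage) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O23"
    priority: str  # "high", "review" or "cleanup" (labels made up for this example)
    subject: str   # service name or CLSID the finding refers to
    reason: str


ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# "Service: Display Name (ServiceName)"; the parenthesised part is optional.
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?$")
# Assumption: a binary with no company name inside a directory that implies
# Microsoft or Windows ownership is more suspicious than one elsewhere.
VENDOR_DIRS = ("\\microsoft shared\\", "\\windows\\")


def parse_service(body: str) -> Optional[Tuple[str, str, str, str]]:
    """Split an O23 body into (display name, service name, owner, image path)."""
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    head, owner, path = parts
    match = SERVICE_RE.match(head)
    if match is None:
        return None
    display = match.group("display")
    # The name in parentheses is the one passed to "sc stop" / "sc delete"
    # in this thread; with no parentheses the display name is used as-is.
    name = match.group("name") or display
    return display, name, owner.strip(), path.strip()


def triage(log_text: str) -> List[Finding]:
    """Return findings for orphaned O2/O3/O9 entries and unknown-owner services."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match is None:
            continue  # header, blank line or a "Running processes" path
        section, body = match.group("section"), match.group("body")

        if section in ("O2", "O3", "O9") and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(Finding(
                section, "cleanup", clsid.group(0) if clsid else body,
                "registry entry points at a file that no longer exists"))
        elif section == "O23":
            service = parse_service(body)
            if service is None:
                continue
            _display, name, owner, path = service
            if owner.lower() != "unknown owner":
                continue
            if any(d in path.lower() for d in VENDOR_DIRS):
                findings.append(Finding(
                    section, "high", name,
                    "no company name on a binary in a Microsoft/Windows directory: " + path))
            else:
                findings.append(Finding(
                    section, "review", name,
                    "no company name on the service binary: " + path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.priority:7}] {finding.section:3} {finding.subject} - {finding.reason}")
```

"Unknown owner" on its own is not proof of malware: the ioloDMV service in the same log also shows it and was not selected for removal, which is why the example only ranks entries for review.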


#10 Sterl902

Sterl902
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 25 March 2007 - 09:29 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:51:18 AM 3/25/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0001136.exe -> Backdoor.Hupigon.emq : Cleaned with backup (quarantined).
C:\Documents and Settings\Sterling Howell\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\iegfilt.dll -> Logger.Delf.ex : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wtsit.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

-----------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:11:35 AM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Norton AntiVirus\NAVW32.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/043df3d8342288...ip/RdxIE601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://128.175.60.37/cam/AxisCamControl.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#11 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team

Posted 25 March 2007 - 10:00 PM

You can remove the files from the AVG AS Quarantine:
-Launch AVG AS and click the Infections button.
-Click the Quarantine tab
-Choose: Select All
-Click: Remove finally
-A window pops asking "Are you sure you want to remove the selected files...??"
-Select: Yes

~~~~
The version of Java shown on the log is outdated.

Please go to Start > Control Panel > Add or Remove Programs
In the list of Currently Installed Programs, look for all previous versions of Java:
i.e. J2SE Runtime Environment number x, etc.
Select each Java entry and then click: Remove

Next, download and install the newest version:
Scroll down to: Java Runtime Environment (JRE) 6
http://java.sun.com/javase/downloads/index.jsp

~~~~
A WeatherBug entry is showing on the HijackThis log. It is technically not spyware but the free version is adware supported.

Its removal is recommended, but it is up to you whether you want to do so.

An ad free alternative is Weather Pulse:
http://tropicdesigns.net/weatherpulse.php

If you opt to remove WeatherBug, in order to avoid future problems, make sure the program is not running before uninstalling it.
If there is a WeatherBug icon in the system tray (in the lower right hand corner of the screen) right-click on it and choose "Exit WeatherBug" or "Terminate Weatherbug".
Once the program is closed, then remove it easily from the Add or Remove Programs section of the Control Panel by following these steps:

Go to Start > Control Panel > Add or Remove Programs
In the list of currently installed programs, select:
WeatherBug
Click: Remove

Run HijackThis, Scan
Check box for:

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Select: Fix checked

~~~~
Run HijackThis once again, and post a new log.

Old duck...


#12 Sterl902

Sterl902
  • Topic Starter

  • Members

Posted 25 March 2007 - 10:31 PM

There was no Weather Bug under Add/Remove Programs, but I did have HijackThis fix it.

Logfile of HijackThis v1.99.1
Scan saved at 11:28:54 PM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Azureus\Azureus.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/043df3d8342288...ip/RdxIE601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://128.175.60.37/cam/AxisCamControl.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#13 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team

Posted 27 March 2007 - 08:49 AM

Please go to: Start > Run, type: control
Press OK
Double-click on: Add/Remove Programs

On the list of Currently Installed Programs, look for and, if found, uninstall the following by selecting the entry and clicking on Remove:
LimeShop

Next, search for and delete the following folder (bold):
C:\Program Files\LimeShop

Restart the computer.

~~~~
Run HijackThis, Scan
Check box for:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

If you did not place these in the Trusted Zone, check them also:
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/043df3d8342288...ip/RdxIE601.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab

Select: Fix checked

~~~~
Restart once again.

~~~~
Run HijackThis, and post a new log.

Also, are you still having malware problems?

Old duck...
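
The follow-up check that this step sets up, as an added example that is not part of any post in this thread: it parses HijackThis entry lines, reports which of the entries selected for fixing still appear in the next log, and flags entries that point at missing files. The log excerpts are abbreviated from the logs posted in this thread, and the function names are assumptions of this example.

```python
"""Compare HijackThis logs to confirm that requested fixes took effect."""
import re

# An entry line is "<section code> - <details>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends these markers when the referenced file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return {normalized key: entry line} for every entry line in a log.

    Header lines and the 'Running processes' list do not match ENTRY_RE and
    are skipped. Keys are case-folded with whitespace collapsed, because
    Windows paths and registry names are case-insensitive and copy/paste
    through a forum can change spacing.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), match.group(2).casefold())] = line
    return entries


def still_present(requested_fixes, after_log):
    """Entries that were selected for 'Fix checked' but are still in the new log."""
    after = parse_entries(after_log)
    return [line for key, line in parse_entries(requested_fixes).items() if key in after]


def diff_logs(before_log, after_log):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    removed = [line for key, line in before.items() if key not in after]
    added = [line for key, line in after.items() if key not in before]
    return removed, added


def orphaned(log_text):
    """Entries whose target file HijackThis reported as missing."""
    return [
        line
        for line in parse_entries(log_text).values()
        if any(marker in line.casefold() for marker in ORPHAN_MARKERS)
    ]


# Abbreviated excerpt of the 3/25/2007 11:28 PM log from this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
"""

# Abbreviated excerpt of the 3/27/2007 log from this thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://download.windowsupdate.com
"""

# Entries listed for "Fix checked" in the post above. The O15 line was
# conditional ("If you did not place these in the Trusted Zone").
REQUESTED = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since last scan:", *removed, sep="\n  ")
    print("New since last scan:", *added, sep="\n  ")
    print("Requested fixes still present:", *still_present(REQUESTED, AFTER), sep="\n  ")
    print("Entries with missing files:", *orphaned(AFTER), sep="\n  ")
```

A requested entry that is still present is not necessarily a failed fix: here the remaining O15 line is one the helper made conditional on whether the user added it.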


#14 Sterl902

Sterl902
  • Topic Starter

  • Members

Posted 27 March 2007 - 01:13 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:09:25 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://128.175.60.37/cam/AxisCamControl.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-----------------------------------

I have not had any Malware problems lately. Does this mean it's gone?

#15 Aaflac

  • Malware Response Team

Posted 27 March 2007 - 08:39 PM

The HijackThis log appears clean.

If you are not having malware problems, you are good to go!

Take a good look at the following suggestions to remain malware free:
Tony Klein's article 'How Did I Get Infected In The First Place'
http://forums.spywareinfo.com/index.php?showtopic=60955

Thank you for your patience, and for performing the procedures requested.
If you have any questions or comments, post back. Otherwise...


Good luck, Sterl902!

Old duck...




