Acer Laptop: Bluescreen Stop On Prior To Xp Windows Login

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

Acer Laptop: Bluescreen Stop On Prior To Xp Windows Login

Options

jpf321 View Member Profile	May 21 2007, 01:26 AM Post #1
New Member Group: Authentic Member Posts: 19 Joined: 20-May 07 Member No.: 70,282 Operating System: Win XP	Attached are AVG (Safe mode) and HJT logs for machine which "occassionally" Blue Screen Stops upon boot-up prior to windows XP login. This is a different computer than the Backdoor.Small.OS topic I posted earlier. Logfile of HijackThis v1.99.1 Scan saved at 3:20:54 AM, on 5/21/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\M-Audio Uno\UnoInst.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Linksys\WUSB300N\WLService.exe C:\Program Files\Linksys\WUSB300N\WUSB300N.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Hello\Hello.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\wuauclt.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\igfxsrvc.exe C:\DOCUME~1\JPF\LOCALS~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Acer\Empowering Technology\admtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe D:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\iPod\bin\iPodService.exe D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Linksys\Bluetooth Utility\BTTray.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe D:\Program Files\BOINC\boincmgr.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe D:\Program Files\BOINC\boinc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\WINDOWS\system32\msiexec.exe D:\Program Files\BOINC\projects\climateprediction.net\hadcm3trans_5.15_windows_intelx86.exe D:\Program Files\BOINC\projects\climateprediction.net\hadcm3transum_5.15_windows_intelx86.exe C:\WINDOWS\system32\HPZinw12.exe D:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.6\THGuard.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PWRISOVM.EXE] d:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BOINC Manager.lnk = D:\Program Files\BOINC\boincmgr.exe O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMsie.dll/link.html O8 - Extra context menu item: Scan with Advanced Email Extractor - res://C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMsie.dll/page.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMsie.dll (file missing) O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMsie.dll (file missing) O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O18 - Filter: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe (file missing) --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 3:10:57 AM 5/21/2007 + Scan result: C:\Program Files\Kazaa\TopSearch.dll -> Adware.Altnet : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-3265337758-2803858469-4281255191-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Adware.Cydoor : Cleaned with backup (quarantined). C:\WINDOWS\system32\ma.exe.exe -> Downloader.Tibs.kl : Cleaned with backup (quarantined). C:\WINDOWS\system32\pp.exe.exe -> Downloader.Tibs.kl : Cleaned with backup (quarantined). C:\System Volume Information\_restore{9D7FE093-30E8-4750-B1B9-291EB5BE2043}\RP105\A0014550.exe -> Dropper.Small.avu : Cleaned with backup (quarantined). :mozilla.19:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.20:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.21:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.40:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.41:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.42:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.754:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Adobe : Cleaned. :mozilla.61:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.62:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\JPF\Cookies\jp freeley@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.659:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned. :mozilla.176:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.185:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.186:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.187:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.188:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.14:C:\Documents and Settings\JPF\Application Data\Thunderbird\Profiles\ua9e1068.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.799:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Epilot : Cleaned. :mozilla.50:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.102:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.103:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.104:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.105:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.309:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Gemius : Cleaned. :mozilla.310:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Gemius : Cleaned. :mozilla.814:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.815:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.816:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.817:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.318:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.319:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.372:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@search.live[1].txt -> TrackingCookie.Live : Cleaned. :mozilla.730:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.731:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\JPF\Cookies\jp freeley@search.msn[1].txt -> TrackingCookie.Msn : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@search.msn[1].txt -> TrackingCookie.Msn : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@search.msn[2].txt -> TrackingCookie.Msn : Cleaned. :mozilla.13:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Netflame : Cleaned. :mozilla.14:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Netflame : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned. :mozilla.448:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.449:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.450:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.456:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\JPF\Cookies\jp freeley@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned. :mozilla.13:C:\Documents and Settings\JPF\Application Data\Thunderbird\Profiles\ua9e1068.Default User\cookies.txt -> TrackingCookie.Paypal : Cleaned. :mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Paypal : Cleaned. :mozilla.852:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Paypal : Cleaned. C:\Documents and Settings\JPF\Cookies\jp freeley@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned. :mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.55:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.56:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.57:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.58:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.59:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.60:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.476:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.477:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.489:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.490:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.491:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.492:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.493:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@network.realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.494:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Revenue : Cleaned. :mozilla.495:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.496:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.497:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.665:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.235:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.236:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.237:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.238:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.147:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.518:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.519:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.520:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.521:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.522:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.526:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Skype : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@skype[1].txt -> TrackingCookie.Skype : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@skype[2].txt -> TrackingCookie.Skype : Cleaned. :mozilla.51:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.534:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.546:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.547:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.548:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.549:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.579:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.580:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.581:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.582:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.583:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.584:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.585:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.586:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.589:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.590:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6utt13y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned. C:\Documents and Settings\JPF\Cookies\jpf@m.webtrends[3].txt -> TrackingCookie.Webtrends : Cleaned. :mozilla.656:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.657:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.658:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. C:\System Volume Information\_restore{9D7FE093-30E8-4750-B1B9-291EB5BE2043}\RP105\A0014552.exe -> Worm.Nuwar : Cleaned with backup (quarantined). ::Report end

jpf321 View Member Profile	May 21 2007, 02:43 AM Post #2
New Member Group: Authentic Member Posts: 19 Joined: 20-May 07 Member No.: 70,282 Operating System: Win XP	Here are the "Normal Boot" Logs after another Normal Boot AVG scan Logfile of HijackThis v1.99.1 Scan saved at 4:40:24 AM, on 5/21/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\M-Audio Uno\UnoInst.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Linksys\WUSB300N\WLService.exe C:\Program Files\Linksys\WUSB300N\WUSB300N.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Hello\Hello.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\hkcmd.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\igfxsrvc.exe C:\DOCUME~1\JPF\LOCALS~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Acer\Empowering Technology\admtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe D:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\iPod\bin\iPodService.exe D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Linksys\Bluetooth Utility\BTTray.exe C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe D:\Program Files\BOINC\boincmgr.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe D:\Program Files\BOINC\boinc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe D:\Program Files\BOINC\projects\climateprediction.net\hadcm3trans_5.15_windows_intelx86.exe D:\Program Files\BOINC\projects\climateprediction.net\hadcm3transum_5.15_windows_intelx86.exe C:\WINDOWS\system32\HPZinw12.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.6\THGuard.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PWRISOVM.EXE] d:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BOINC Manager.lnk = D:\Program Files\BOINC\boincmgr.exe O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMsie.dll/link.html O8 - Extra context menu item: Scan with Advanced Email Extractor - res://C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMsie.dll/page.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMsie.dll (file missing) O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMsie.dll (file missing) O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O18 - Filter: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe (file missing) --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 4:39:12 AM 5/21/2007 + Scan result: C:\System Volume Information\_restore{9D7FE093-30E8-4750-B1B9-291EB5BE2043}\RP105\A0014597.dll -> Adware.Altnet : Cleaned. C:\System Volume Information\_restore{9D7FE093-30E8-4750-B1B9-291EB5BE2043}\RP105\A0014595.exe -> Downloader.Tibs.kl : Cleaned. C:\System Volume Information\_restore{9D7FE093-30E8-4750-B1B9-291EB5BE2043}\RP105\A0014596.exe -> Downloader.Tibs.kl : Cleaned. :mozilla.20:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.21:C:\Documents and Settings\JPF\Application Data\Mozilla\Firefox\Profilesv4kd24.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. ::Report end

LDTate View Member Profile	May 22 2007, 08:54 PM Post #3
Forum God Group: Root Admin Posts: 43,015 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Hello and welcome to the forum Look in your control panels add/remove programs for any of these and uninstall them: Oin Yazzle by Oin Purityscan by Oin Snowballwars by Oin or anything similar with Oin or Outerinfo in it. Zolero Tizzletalk MediaTickets Cowabanga and any other programs you didn't install or don't recognize - if your not sure please ask first Next.......... Download and run this uninstaller: http://www.outerinfo.com/OiUninstaller.exe Tutorial for the uninstaller if needed --------------- Next install MVPS HOSTS, please read more about what we are doing. Download and unzip hosts.zip from HERE to a folder (hosts). Here's a Tutorial on how to install it, but it's installed like this: Open up the hosts folder and double-click on the mvps.bat file, it will rename your present HOSTS file to HOSTS.MVP, then it will copy the new HOSTS file to the correct location on your machine. It happens very quickly so don't blink! ------------------- Please note that a large HOSTS file (over 135 kb) may slow down the machine. This only occurs in W2K and XP. To fix this: Go to Start > Run (type) services.msc > OK Scroll down to DNS Client, Right-click and select: Properties Click the drop-down arrow for "Startup type" Select: Manual, click Apply/Ok and restart. ---------------------- Reboot when done and........ Download Combofix to your desktop. Doubleclick combo.exe Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang. When finished, it should produce a log, combofix.txt. Post this log in your next reply together with a new hijackthislog. ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox.

jpf321 View Member Profile	May 22 2007, 09:54 PM Post #4
New Member Group: Authentic Member Posts: 19 Joined: 20-May 07 Member No.: 70,282 Operating System: Win XP	Hey good to see you again .. a couple problems with your instructions .. 1) There were no programs in Add/Remove which I did not recognize or that contained anything like "Oin". 2) When I double click on the OiUninstaller.exe it disappears and nothing happens. Almost like it deletes itself. The first time that I ran it, I got an AVG warning about Adware.Purity (I think) and I told it to clean/quarantine it. Maybe that's the problem. I'm holding at this point until I hear more from you. Thanks, jpf

LDTate View Member Profile	May 23 2007, 05:47 AM Post #5
Forum God Group: Root Admin Posts: 43,015 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	QUOTE Adware.Purity That's the infection you have. Just move on with the rest of the fix I posted.

jpf321

May 23 2007, 11:32 AM

Post #6

New Member

Group: Authentic Member
Posts: 19
Joined: 20-May 07
Member No.: 70,282
Operating System: Win XP

HJT & ComboFix Logs.

Logfile of HijackThis v1.99.1
Scan saved at 1:28:59 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\JPF\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Linksys\Bluetooth Utility\BTTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
D:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\msiexec.exe
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
D:\Program Files\BOINC\projects\climateprediction.net\hadcm3trans_5.15_windows_intelx86.exe
D:\Program Files\BOINC\projects\climateprediction.net\hadcm3transum_5.15_windows_intelx86.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] d:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Fi