Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Log file HJT

Started by Tom12 , Feb 17 2006 03:20 PM

  • This topic is locked This topic is locked
4 replies to this topic

#1 Tom12

Tom12

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 17 February 2006 - 03:20 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:23:01 PM, on 2/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\HiJackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128000715\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKCU\..\Run: [cdowrs] C:\WINDOWS\system32\cdowrs.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: BHODemon 2.0.lnk = C:\BHODemon 2\BHODemon.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\hotsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm414
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Andrea Melone\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxres...m/Preloader.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1137026932218
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.c...ient403/kdx.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...aploader_v7.cab
O21 - SSODL: QmHkDjP - {40F9DB0A-EA53-71A0-7287-C2346A12F057} - C:\WINDOWS\system32\eow.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW50b25pbyBNZWxvbmU\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\system32\perfont.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    Advertisements

Register to Remove

#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 17 February 2006 - 08:53 PM

You are running at least two anti virus programs.
There is no harm in having a second or even third as a on demand scanner but don’t have two running at the same time.
This will cause a real slow down in your processing speed. You will need to stop or remove one of them.

Download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here.
With a new hijackthis log.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#3 Tom12

Tom12

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 21 February 2006 - 03:34 PM

Here is the ewido scan followed by the HiJack this scan.
Thanks a bunch!

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:34:43 AM, 2/21/2006
+ Report-Checksum: B88D4DDF

+ Scan result:

HKLM\SOFTWARE\Classes\SearchHelp -> Adware.MidAddle : Error during cleaning
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand -> Adware.BlazeFind : Error during cleaning
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand.1 -> Adware.BlazeFind : Error during cleaning
HKLM\SOFTWARE\Dsi -> Adware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} -> Adware.LinkMaker : Cleaned with backup
HKU\S-1-5-21-1282138258-2243138800-104724495-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1282138258-2243138800-104724495-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} -> Adware.LinkMaker : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} -> Adware.LinkMaker : Cleaned with backup
C:\Documents and Settings\A Smith\Start Menu\Programs\SpySheriff -> Adware.SpySheriff : Cleaned with backup
C:\Documents and Settings\A Smith\Start Menu\Programs\SpySheriff\SpySheriff.lnk -> Adware.SpySheriff : Cleaned with backup
C:\Documents and Settings\A Smith\Cookies\A Smith@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\A Smith\Cookies\A Smith@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\3Xcgc.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\6jop.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\7.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\9Ps.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\C1xeqbSG.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\ckw4NXF1O.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\E.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\edLYe9G.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\EwBzV.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\F9qZ.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\fGIdn6gD.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\hJPi.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\ISNI.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\J.dll -> Adware.Midadle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\k5.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\KrvX6Dhr.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\L.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\Lld7dV9T.dll -> Adware.Midadle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\N4IAqdt.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\nB5MPdhk2.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\NT9rDNFF.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\OxKNAVsG.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\qKYxoUg.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\RTWXb5.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\TW3.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\u6aGZ.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\U9ZU.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\W.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\wC.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\xld.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\A Smith\Local Settings\Temp\ZOjvDc50.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.9:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.15:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.16:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.17:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.31:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.47:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.50:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.51:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.57:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.61:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.62:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.63:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.64:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.65:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.68:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.73:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.74:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.78:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.79:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.80:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.82:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.83:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.84:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.86:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.87:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.88:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.89:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.90:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.91:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.92:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.99:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.107:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.108:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.109:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.110:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.132:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.134:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.136:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.159:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.160:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.161:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.162:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.163:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.164:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.171:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.172:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.173:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.180:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.187:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.188:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.189:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.192:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.193:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.194:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.195:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.196:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.197:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.198:C:\Documents and Settings\M Smith\Application Data\Mozilla\Firefox\Profiles\xt638e23.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\0z.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\3qoLJ.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\6Ws.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\8njWJ.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\bDm.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\BWc.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\De.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\e.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\FCC.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\fjMTP.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\gOvC.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\H4tl1Z1.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\hPQd.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\jhH5P.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\KAxGw.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\lPIko.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\N.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\nwK.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\OMHwF.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\pjXaH4d.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\q2.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\Rw0C.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\tJemq.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\toolbar.dll -> Adware.WebSearch : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\TTnvQLtEp.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\TYRu7ZC.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\U24.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\UICB4i.dll -> Adware.Midadle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\va5dVY.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\WuVODX.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\yG9xq.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\ZJ.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\zlDbIF.dll -> Adware.Midaddle : Cleaned with backup
C:\Documents and Settings\R Smith\Local Settings\Temp\zq8a.dll -> Adware.Midaddle : Cleaned with backup
C:\downloads\CinemaTycoon-WinSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\downloads\CinemaTycoon-WinSetup-dm[2].exe -> Adware.Trymedia : Cleaned with backup
C:\downloads\CoffeeTycoon_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\downloads\Tradewinds2Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Program Files\Network Monitor\netmon(2).exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\Support.com\backup\NE\newdotnet5_48.dll\221184_54a64af32_/newdotnet5_48.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Support.com\backup\NE\newdotnet5_64.dll\221184_54ad8e715_/newdotnet5_64.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Support.com\backup\NE\newdotnet6_22.dll\225280_5dd1ff9a5_/newdotnet6_22.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Support.com\backup\NE\newdotnet6_30.dll\229376_568966ed3_/newdotnet6_30.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Support.com\backup\NE\newdotnet6_38-1.dll\229376_51a9f736b_/newdotnet6_38-1.dll -> Adware.NewDotNet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2243138800-104724495-500\Dc113.tmp -> Adware.SurfSide : Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2243138800-104724495-500\Dc696.cab/TBPS.exe -> Adware.WebSearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2243138800-104724495-500\Dc779.dll -> Adware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP27\A0237543.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP34\A0240904.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP34\A0242204.exe -> Adware.Trymedia : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP34\A0242205.exe -> Adware.Trymedia : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP34\A0242207.exe -> Adware.Trymedia : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP34\A0242209.exe -> Adware.Trymedia : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP34\A0249294.dll -> Adware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP34\A0249546.exe -> Adware.Trymedia : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB

/*
'//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Logfile of HijackThis v1.99.1
Scan saved at 9:31:02 AM, on 2/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\1128000715\ee\aolsoftware.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\BHODemon 2\BHODemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\common files\aol\1128000715\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1128000715\ee\aolsoftware.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\HiJackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128000715\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKCU\..\Run: [cdowrs] C:\WINDOWS\system32\cdowrs.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: BHODemon 2.0.lnk = C:\BHODemon 2\BHODemon.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\hotsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm414
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\A Smith\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1137026932218
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...aploader_v7.cab
O21 - SSODL: QmHkDjP - {40F9DB0A-EA53-71A0-7287-C2346A12F057} - C:\WINDOWS\system32\eow.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW50b25pbyBNZWxvbmU\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\system32\perfont.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 22 February 2006 - 08:55 AM

Close all programs leaving only HijackThis running. Place a check against each of the following,

R3 - Default URLSearchHook is missing
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm414
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW50b25pbyBNZWxvbmU\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\system32\perfont.exe (file missing)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here
Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\QW50b25pbyBNZWxvbmU\command.exe (file missing)
C:\Program Files\Network Monitor\netmon.exe (file missing)
C:\WINDOWS\system32\perfont.exe (file missing)
Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we will take another look.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#5 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 10 March 2006 - 05:04 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·