"Exploit" and "Virtumonde" Are they gone?


  • This topic is locked
5 replies to this topic

#1 Andee

  • Authentic Member
  • 24 posts

Posted 18 February 2007 - 11:13 PM

Went through the self-help tutorials and followed the instructions, but I could look at the logfiles all day with a gun to my head threatening my life and wouldn't know if I had solved the problems that I didn't even know were there! So, here are the logs:

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, February 18, 2007 11:48:00 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R153 15.02.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):19 total references
Virtumonde(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R153 15.02.2007
Internal build : 193
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 1009128 Bytes
Total size : 3290444 Bytes
Signature data size : 3244513 Bytes
Reference data size : 45419 Bytes
Signatures total : 86893
CSI Fingerprints total : 5967
CSI data size : 287085 Bytes
Target categories : 15
Target families : 1048

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:28 %
Total physical memory:261100 kb
Available physical memory:72384 kb
Total page file size:641040 kb
Available on page file:374216 kb
Total virtual memory:2097024 kb
Available virtual memory:2031980 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & 
modules during scan Set : Scan registry for all users instead of current user only Set : Use permanent archive caching Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Disable manual quarantine if auto-quarantine is selected Set : Reanalyze results after scanning before displaying results lists Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Create log file for removal operations Set : Include alternate data stream details in log file Set : Dump details about unhandled exceptions to disk Set : Play sound at scan completion if scan locates critical objects 2-18-2007 11:48:00 AM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 608 ThreadCreationTime : 2-18-2007 2:58:03 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 664 ThreadCreationTime : 2-18-2007 2:58:07 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 688 ThreadCreationTime : 2-18-2007 2:58:09 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 732 ThreadCreationTime : 2-18-2007 2:58:12 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 744 ThreadCreationTime : 2-18-2007 2:58:12 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 900 ThreadCreationTime : 2-18-2007 2:58:15 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 984 ThreadCreationTime : 2-18-2007 2:58:15 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1076 ThreadCreationTime : 2-18-2007 2:58:16 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1132 ThreadCreationTime : 2-18-2007 2:58:16 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1176 ThreadCreationTime : 2-18-2007 2:58:16 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [vsmon.exe] FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs\ ProcessID : 1204 ThreadCreationTime : 2-18-2007 2:58:17 PM BasePriority : Normal FileVersion : 6.5.737.000 ProductVersion : 6.5.737.000 ProductName : TrueVector Service CompanyName : Zone Labs, LLC FileDescription : TrueVector Service InternalName : vsmon LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC OriginalFilename : vsmon.exe #:12 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1656 ThreadCreationTime : 2-18-2007 2:58:32 PM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : spoolsv.exe #:13 [avgamsvr.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1768 ThreadCreationTime : 2-18-2007 2:58:38 PM BasePriority : Normal FileVersion : 7,1,0,365 ProductVersion : 7.1.0.365 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : avgamsvr.EXE #:14 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1804 ThreadCreationTime : 2-18-2007 2:58:39 PM BasePriority : Normal FileVersion : 7,1,0,349 ProductVersion : 7.1.0.349 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : avgupdsvc.EXE #:15 [ctsvccda.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1828 ThreadCreationTime : 2-18-2007 2:58:39 PM BasePriority : Normal FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 ProductName : Creative Service for CDROM Access CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved. OriginalFilename : CTsvcCDA.EXE #:16 [nvsvc32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1868 ThreadCreationTime : 2-18-2007 2:58:39 PM BasePriority : Normal FileVersion : 6.14.10.5216 ProductVersion : 6.14.10.5216 ProductName : NVIDIA Driver Helper Service, Version 52.16 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 52.16 InternalName : NVSVC LegalCopyright : © NVIDIA Corporation. All rights reserved. 
OriginalFilename : nvsvc32.exe #:17 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1912 ThreadCreationTime : 2-18-2007 2:58:40 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:18 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1996 ThreadCreationTime : 2-18-2007 2:58:41 PM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:19 [mspmspsv.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2032 ThreadCreationTime : 2-18-2007 2:58:41 PM BasePriority : Normal FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 ProductName : Microsoft ® DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-2000 OriginalFilename : MSPMSPSV.EXE #:20 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1072 ThreadCreationTime : 2-18-2007 2:58:54 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe #:21 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1028 ThreadCreationTime : 2-18-2007 2:59:48 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:22 [dsentry.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 816 ThreadCreationTime : 2-18-2007 3:01:23 PM BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 ProductName : Dell - DVDSentry CompanyName : Dell - Advanced Desktop Engineering FileDescription : DVDSentry InternalName : DVDSentry LegalCopyright : Copyright © 2002 Dell OriginalFilename : DSentry.exe Comments : DVDSentry launches your software DVD player when a DVD is inserted. #:23 [wkufind.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\ ProcessID : 920 ThreadCreationTime : 2-18-2007 3:01:24 PM BasePriority : Normal FileVersion : 9.00.0912.0 ProductVersion : 9.00.0912.0 ProductName : Update Detection Module CompanyName : Microsoft® Corporation FileDescription : Microsoft® Works Update Detection InternalName : WkUFind LegalCopyright : Copyright © 1987-2003 Microsoft Corporation. OriginalFilename : WkUFind.exe #:24 [directcd.exe] FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\ ProcessID : 1668 ThreadCreationTime : 2-18-2007 3:01:27 PM BasePriority : Normal FileVersion : 5.3.2.34 ProductVersion : 5.3.2.34 ProductName : DirectCD CompanyName : Roxio FileDescription : DirectCD Application InternalName : DirectCD LegalCopyright : Copyright © 2001,2002, Roxio, Inc. 
OriginalFilename : Directcd.exe #:25 [avgcc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1248 ThreadCreationTime : 2-18-2007 3:01:29 PM BasePriority : Normal FileVersion : 7,1,0,406 ProductVersion : 7.1.0.406 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright © 2006, GRISOFT, s.r.o. OriginalFilename : AvgCC.EXE #:26 [avgemc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1384 ThreadCreationTime : 2-18-2007 3:01:31 PM BasePriority : Normal FileVersion : 7,1,0,400 ProductVersion : 7.1.0.400 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG E-Mail Scanner InternalName : avgemc LegalCopyright : Copyright © 2006, GRISOFT, s.r.o. OriginalFilename : avgemc.exe #:27 [zlclient.exe] FilePath : C:\Program Files\Zone Labs\ZoneAlarm\ ProcessID : 1464 ThreadCreationTime : 2-18-2007 3:01:34 PM BasePriority : Normal FileVersion : 6.5.737.000 ProductVersion : 6.5.737.000 ProductName : Zone Labs Client CompanyName : Zone Labs, LLC FileDescription : Zone Labs Client InternalName : zlclient LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC OriginalFilename : zlclient.exe #:28 [jusched.exe] FilePath : C:\Program Files\Java\jre1.5.0_06\bin\ ProcessID : 1052 ThreadCreationTime : 2-18-2007 3:01:37 PM BasePriority : Normal #:29 [teatimer.exe] FilePath : C:\Program Files\Spybot - Search & Destroy\ ProcessID : 884 ThreadCreationTime : 2-18-2007 3:01:40 PM BasePriority : Idle FileVersion : 1, 4, 0, 2 ProductVersion : 1, 4, 0, 3 ProductName : Spybot - Search & Destroy CompanyName : Safer Networking Limited FileDescription : System settings protector InternalName : TeaTimer LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen. 
OriginalFilename : TeaTimer.exe Comments : Schützt Systemeinstellungen vor ungewollten Änderungen. #:30 [hpotdd01.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ProcessID : 2096 ThreadCreationTime : 2-18-2007 3:01:57 PM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Hewlett-Packard hpotdd01 CompanyName : Hewlett-Packard FileDescription : hpotdd01 InternalName : hpotdd01 LegalCopyright : Copyright © 2002 OriginalFilename : hpotdd01.exe #:31 [wkcalrem.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\ ProcessID : 2120 ThreadCreationTime : 2-18-2007 3:01:59 PM BasePriority : Normal FileVersion : 6.00.1911.0 ProductVersion : 6.00.1911.0 ProductName : Microsoft® Works 6.0 CompanyName : Microsoft® Corporation FileDescription : Microsoft® Works Calendar Reminder Service InternalName : WkCalRem LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved. OriginalFilename : WKCALREM.EXE #:32 [nkvmon.exe] FilePath : C:\Program Files\Nikon\NkView5\ ProcessID : 2176 ThreadCreationTime : 2-18-2007 3:02:02 PM BasePriority : Normal FileVersion : 5, 1, 3, 3000 ProductVersion : 5, 1 ProductName : Nikon Monitor CompanyName : Nikon Corporation FileDescription : Nikon Monitor InternalName : NkvMon LegalCopyright : Copyright © Nikon Corporation. 1998 - 2002 OriginalFilename : NkvMon.exe Comments : Nikon Monitor #:33 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3108 ThreadCreationTime : 2-18-2007 3:06:55 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:34 [msnmsgr.exe] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 3276 ThreadCreationTime : 2-18-2007 3:07:17 PM BasePriority : Normal FileVersion : 7.0.0813 ProductVersion : 7.0.0813 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2005 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:35 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2240 ThreadCreationTime : 2-18-2007 5:47:04 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Virtumonde Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75dc57f8-d831-4ab8-86b7-4f826f4a0873} Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@trafficmp[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:andrea@trafficmp.com/ Tracking Cookie Object Recognized! 
Type : IECache Entry Data : andrea@ads.pointroll[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:11 Value : Cookie:andrea@ads.pointroll.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@msnportal.112.2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:16 Value : Cookie:andrea@msnportal.112.2o7.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@112.2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:17 Value : Cookie:andrea@112.2o7.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:40 Value : Cookie:andrea@2o7.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@adopt.euroclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookie:andrea@adopt.euroclick.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@adlegend[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:andrea@adlegend.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@as-us.falkag[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:andrea@as-us.falkag.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@live365[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:andrea@live365.com/ Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 9 Objects found so far: 10 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@about[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Andrea\Local Settings\Temp\Cookies\andrea@about[1].txt Tracking Cookie Object Recognized! 
Type : IECache Entry Data : andrea@adultfriendfinder[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Andrea\Local Settings\Temp\Cookies\andrea@adultfriendfinder[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@clickability[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Andrea\Local Settings\Temp\Cookies\andrea@clickability[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@content.ipro[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Andrea\Local Settings\Temp\Cookies\andrea@content.ipro[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@indexstats[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Andrea\Local Settings\Temp\Cookies\andrea@indexstats[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@revsci[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Andrea\Local Settings\Temp\Cookies\andrea@revsci[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@s.clickability[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Andrea\Local Settings\Temp\Cookies\andrea@s.clickability[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : andrea@searchportal.information[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Andrea\Local Settings\Temp\Cookies\andrea@searchportal.information[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : kids@indexstats[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Kids\Cookies\kids@indexstats[1].txt Tracking Cookie Object Recognized! 
Type : IECache Entry Data : kids@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Kids\Cookies\kids@mediaplex[1].txt Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 20 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 20 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 20 12:19:04 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:31:03.843 Objects scanned:203870 Objects identified:20 Objects ignored:0 New critical objects:20 Log for AVG scan in safe mode --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 5:58:18 PM 2/18/2007 + Scan result: :mozilla.27:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.77:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.42:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.43:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.44:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. 
:mozilla.21:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.24:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.10:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.11:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.12:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.13:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.14:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.15:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.7:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.8:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\v2wiy9h6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. ::Report end Log for AVG in normal mode --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 9:55:30 PM 2/18/2007 + Scan result: C:\Documents and Settings\Andrea\Local Settings\Temp\clientax.dll -> Adware.Solution : Cleaned. 


#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 23 February 2007 - 10:25 AM

Hello Andee :D

Welcome to Tom Coyote. Sorry about the delay in responding but we are as most times just overwhelmed with logs.

I need to see a Hijackthis log.


Hijackthis 1.99.1
It's important that Hijackthis is installed in its own permanent folder for backup purposes.
  • Use the link above or the links in my signature to download HJT 1.99.1 setup to your desktop
  • Double Click on the Setup icon and by default it will unzip to C:\Program Files\Hijackthis
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread.
  • Please use Posted Image and not Posted Image
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Just a reminder that threads will be closed if no reply in 3 days.


#3 Andee

Posted 24 February 2007 - 01:39 PM

Ken,

So sorry. I was SURE I had posted my HJT logs.....Weird. I had two of them. Okay, well, here is a BRAND new HJT:

Logfile of HijackThis v1.99.1
Scan saved at 1:36:57 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.mfire.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://www.microsoft...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.mfire.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =

http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://ie.search.msn...st/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program

Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = mFire
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program

Files\Kontiki\bin\bh309190.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7B84303F-5E69-4A19-BC4C-9031E2A8EB44} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN

Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program

Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN

Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32

\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program

Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common

Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5

\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server

/startmonitor /deaf
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32

\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -

atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06

\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -

quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0

\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640

\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\Palm\AlarmApp.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1

\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%

\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat -

http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -

http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -

http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} (Mindjet MindManager Viewer

Control) - http://www.mindjet.c.../MjMmViewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros...ient/muweb_site.

cab?1158751130312
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International

Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -

http://www.live365.c...ers/play365.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) -

http://www.disney.go...GameManager.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -

http://h30043.www3.h.../qdiagh.cab?323
O17 - HKLM\System\CCS\Services\Tcpip\..\{087E720D-C66D-4D75-B0E2-CBFFD161498F}:

NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{087E720D-C66D-4D75-B0E2-CBFFD161498F}:

NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{087E720D-C66D-4D75-B0E2-CBFFD161498F}:

NameServer = 205.171.3.65,205.171.2.65
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1

\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1

\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32

\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#4 ken545

Posted 24 February 2007 - 01:45 PM

Hello Andee :D

I can't read your HJT log the way you posted it :(

  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread.



#5 ken545

Posted 24 February 2007 - 02:23 PM

Andee,

I had a few minutes and looked over your log as best I could, be sure to follow the instructions in my last post to post it correctly.


We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the fix.

To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection >Options"
  • Uncheck "Turn on real-time protection (recommended)"
  • Remember to reactivate this feature when we have finished all our work.
=====================================

We need to disable the Tea Timer in Spybot Search and Destroy as to not interfere with the fix.
  • Open Spybot and go to Mode> Advanced Mode> Tools> Resident and take the checkmark out of Tea Timer
=======================================


You need to go to your Add-Remove Programs in the Control Panel and uninstall this program, read about it here to find out why.
C:\Program Files\Kontiki
http://www.extremete...3,365073,00.asp

==================================

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

=====================================

Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program
Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - (no file)
O2 - BHO: (no name) - {7B84303F-5E69-4A19-BC4C-9031E2A8EB44} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)

O20 - Winlogon Notify: jkkjk - C:\WINDOWS\


==================================

Run this system cleaner

Download and Install CCleaner
If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
* Click on Run Cleaner
Tutorial for CCleaner


Let me see the log from Vundofix and a New HJT log please.

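An added example, not part of any post in this thread and not HijackThis's own code: it rejoins a HijackThis log that was pasted with Notepad's Word Wrap on (the problem raised in post #4) and lists the entry kinds singled out in post #5, namely targets marked "(no file)" or "(file missing)" and a Winlogon Notify entry that names a directory. The section-prefix pattern and the line-joining heuristic are assumptions; the output is a list for a human reviewer, not a verdict.

```python
import re

# Assumed shape of an entry start: section code (R0-R3, F0-F3, N1-N4, O1-O23), then " - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Excerpt of the log from post #3, kept in its word-wrapped form.
WRAPPED_LOG = r"""
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program

Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\WINDOWS\System32\msjava.dll
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


def glue(prev, nxt):
    """Join a wrapped fragment back onto its entry.

    Heuristic (assumption): the wrap fell inside a token when the fragment
    starts with a backslash, or the entry so far ends with "." or with a
    hyphen that directly follows a non-space character (a split GUID).
    Otherwise the wrap replaced a space. A switch split right after its
    hyphen (" -" then "quiet") is ambiguous and comes back as "- quiet".
    """
    if nxt.startswith("\\") or prev.endswith(".") or re.search(r"\S-$", prev):
        return prev + nxt
    return prev + " " + nxt


def unwrap(text):
    """Return (header_lines, entries) with wrapped entry lines rejoined."""
    header, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines introduced by the paste
        if ENTRY_START.match(line):
            entries.append(line)          # a new R/F/N/O entry begins here
        elif entries:
            entries[-1] = glue(entries[-1], line)
        else:
            header.append(line)           # version banner, running processes
    return header, entries


def review_candidates(entries):
    """List entries a reviewer would look at first; nothing is changed or removed."""
    found = []
    for entry in entries:
        section = entry.split(" - ", 1)[0]
        target = entry.rsplit(" - ", 1)[-1]
        if target.endswith("(no file)") or target.endswith("(file missing)"):
            found.append((section, "target file absent", entry))
        elif section == "O20" and target.endswith("\\"):
            found.append((section, "Notify entry names a directory, not a DLL", entry))
    return found


if __name__ == "__main__":
    _, log_entries = unwrap(WRAPPED_LOG)
    for entry in log_entries:
        print(entry)
    print()
    for section, reason, entry in review_candidates(log_entries):
        print(f"[{section}] {reason}: {entry}")
```
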


#6 ken545

Posted 06 March 2007 - 12:45 PM

This topic is being closed due to lack of response, if you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.

