
Hijack log


  • This topic is locked
15 replies to this topic

#1 honokaa


Posted 02 March 2007 - 01:38 AM

Please help!


Logfile of HijackThis v1.99.1
Scan saved at 8:40:58 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102471388562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160386443109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecureca...l/java/RntX.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 beynac


Posted 02 March 2007 - 09:48 AM

Hi honokaa.

Welcome to TomCoyote forums. :)

You have run HijackThis from G:\HijackThis.exe. Is this a removable drive? If so, please move it to its own folder on your C drive (e.g. C:\HJT\HijackThis.exe). This is so that it can create backups of anything we fix.

----------------------------------------------------------------------

VundoFix

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • It will create a report named vundofix.txt on your main drive (C:\vundofix.txt)
Note: It is possible that VundoFix may encounter a file it cannot remove.
In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

---------------------------------------------------------------------

Please post the VundoFix report (C:\vundofix.txt) and a new HijackThis log as a reply to this post.
beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#3 honokaa


Posted 03 March 2007 - 11:57 AM

Hi,

Here's the results- Hijack first then Thank you very much for helping!


Logfile of HijackThis v1.99.1
Scan saved at 7:25:06 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\william\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.atribune.org
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102471388562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160386443109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecureca...l/java/RntX.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe




VundoFix V6.3.12

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 8:48:10 PM 3/2/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.3.12

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:10:04 PM 3/2/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

#4 beynac


Posted 03 March 2007 - 04:58 PM

Hi honokaa.

I expected VundoFix to find an infection. There are lines missing from your HijackThis log that I would expect to see. It's possible that something is hiding from HijackThis. If this is the case, we need to rename HijackThis in order to fool the 'nasty' into letting us see the complete picture. Please rename HijackThis.exe to NoHide.exe.

Have you disabled or uninstalled ZoneAlarm (it's not showing in the latest HijackThis log)? If so, this leaves you with no antivirus or firewall software. Please advise as soon as possible.

You say "Please help!". What problems are you having with your computer? Please give as much detail as possible.

Please post, as a reply to this thread:
  • An answer to my question regarding ZoneAlarm
  • Details of the problem(s) with your computer
  • A new HijackThis log

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#5 honokaa


Posted 03 March 2007 - 05:47 PM

Hi,

I did disable Zone Alarm, but I've installed free versions of WinPatrol & XoftSpySE. I also have Windows Defender.

Regarding computer problems, I've been suspicious that someone has been remotely monitoring my machine. For example, I've never used Windows Frontpage and it appeared on my Start Menu and I was not able to delete files created in the program.

Also, when I tried to purchase license for spyware in IE the page came up, "You don't have permission," and Firefox page read, "This item has been blocked." Moreover, every time I checked Windows Firewall after starting up it was off when I had turned it on. I deleted a user for ASP.NET.

Today I disabled all RPC related things from WinPatrol Explorer, but Remote Access Connection Mgr & Remote Registry are still running though disabled.

Again, thank you very much for your help.

Honokaa

Logfile of HijackThis v1.99.1
Scan saved at 1:32:12 PM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\william\My Documents\NoHide.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.atribune.org
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102471388562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160386443109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecureca...l/java/RntX.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#6 beynac


Posted 04 March 2007 - 07:55 AM

Hi honokaa.

Please re-enable ZoneAlarm. WinPatrol, XoftSpySE and Windows Defender do not cover this side of things.

"...every time I checked Windows Firewall after starting up it was off when I had turned it on"

Windows Firewall should be turned off when ZoneAlarm is running. Two firewalls running at the same time can cause problems. ZoneAlarm is probably turning it off.

Renaming HijackThis did not reveal any new items on the log. Please could you reinstate the old name, as some of the functions do not work if it has been renamed (i.e. rename NoHide.exe as HijackThis.exe).

--------------------------------------------------------------

I would like to see a list of the programs on your computer.

Please reboot the computer and open HijackThis.
  • Click on the Open the Misc Tools section button
  • Click on Open Uninstall Manager...
  • Click on Save List... (towards the bottom right)
  • Save the text file to a convenient location
---------------------------------------------------------

Still in HijackThis:
  • Click on the Open the Misc Tools section button
  • In the Startup List section:
    • Tick List also minor sections (full)
    • Tick List empty sections (complete)
  • Click the Generate Startup List log button
  • Click Yes
  • Copy/paste the contents of the log, as a reply to this post
---------------------------------------------------------

ATF Cleaner by Atribune ©

Download ATF Cleaner by Atribune © from here : http://www.atribune..../click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
------------------------------------------------

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
  • Under How to act? - make sure that Quarantine is selected.
  • Under How to scan? - All checkboxes should be ticked.
  • Under Possibly unwanted software - All checkboxes should be ticked.
  • Under Reports - Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan? - Select Scan every file.
You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------------

Reboot in Normal Mode.

-----------------------------------------------------------

Please post, as a reply to this thread:
  • The HijackThis Uninstall list
  • The HijackThis Startup list
  • The AVG Anti-Spyware report
  • A new HijackThis log

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)
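
An added example, not part of the thread and not code from HijackThis: a small Python script that diffs two HijackThis logs, automating the by-eye comparison in posts #4 and #6 (ZoneAlarm no longer showing; renaming the tool revealing nothing new). The two log excerpts are shortened from the logs posted above, and the function names are hypothetical.

```python
import re

# Registry/startup entries look like "O4 - ..." or "R0 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# Shortened excerpt of the log in post #1.
OLD_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:40:58 PM, on 3/1/2007

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
G:\HijackThis.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O15 - Trusted Zone: http://Download.Windowsupdate.com
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Shortened excerpt of the log in post #3.
NEW_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:25:06 AM, on 3/3/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Documents and Settings\william\My Documents\HijackThis.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O15 - Trusted Zone: *.atribune.org
O15 - Trusted Zone: http://Download.Windowsupdate.com
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and section entries.

    Both are keyed by the lower-cased line, because Windows paths are
    case-insensitive (System32 vs system32 is the same file).
    """
    procs, entries = {}, {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False          # blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[line.lower()] = (m.group("code"), m.group("detail"))
        elif in_procs:
            procs[line.lower()] = line
        # anything else is a header line (version, platform, ...) and is skipped
    return procs, entries


def diff_logs(old_text, new_text):
    """Return what appeared and what vanished between two scans."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    return {
        "processes_removed": sorted(old_p[k] for k in old_p.keys() - new_p.keys()),
        "processes_added": sorted(new_p[k] for k in new_p.keys() - old_p.keys()),
        "entries_removed": sorted(old_e[k] for k in old_e.keys() - new_e.keys()),
        "entries_added": sorted(new_e[k] for k in new_e.keys() - old_e.keys()),
    }


def vanished_autostarts(diff):
    """Autostart (O4) and service (O23) entries that disappeared.

    A security product dropping out of these sections is worth a question
    to the user, as in post #4.
    """
    return [detail for code, detail in diff["entries_removed"]
            if code in ("O4", "O23")]


if __name__ == "__main__":
    result = diff_logs(OLD_LOG, NEW_LOG)
    for key, items in result.items():
        print(key)
        for item in items:
            print("   ", item)
    print("vanished autostarts/services:")
    for detail in vanished_autostarts(result):
        print("   ", detail)
```

The scanner's own path shows up as a process change whenever it is moved or renamed between scans, so that pair of lines can be ignored when reading the output.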

#7 honokaa


Posted 04 March 2007 - 11:24 PM

Hi Beynac,

Again, mahalo nui loa (thank you very much) for helping. The characters maxed out so I have to reply in two messages.


The uninstall list:


802.11 Wireless LAN
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
Backup Dell-Installed Programs
Canon FV40, ZR70 MC WIA Driver
Conexant HSF V92 56K Data Fax PCI Modem
DelFin Media Viewer
Dell Digital Jukebox Driver
Dell ResourceCD
Easy CD Creator 5 Basic
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Image Zone 4.7
hp photosmart printer series (Remove only)
HP PSC & OfficeJet 4.7
HP Share-to-Web
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
K-Lite Codec Pack 2.72 Basic
MailFrontier Desktop
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office XP Standard for Students and Teachers
Microsoft Protection Service
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Live OneCare Resources v1.5.1890.18
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v1.5.1890.18
Microsoft Windows OneCare Live v1.5.1890.18 Idcrl Install
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.5.0.10)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Musicmatch® Jukebox
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
PX Engine
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Shockwave
Spybot - Search & Destroy 1.3
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
Visioneer PaperPort Viewer 5.0
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPatrol 2007 Restore/Remove First
WinPatrol 2007 Step 2
XoftSpySE
ZoneAlarm

Here's the start list:

StartupList report, 3/4/2007, 9:03:40 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\william\My Documents\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\william\My Documents\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\william\Start Menu\Programs\Startup]
Configuration & Monitor Utility.lnk = ?

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
mmtask = "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
WinPatrol = C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
OneCareUI = "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = Notepad.exe %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser

[{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
StubPath = rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=NVDESK32.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmyst.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Quick Scan.job
MP Scheduled Scan.job
MP Scheduled Signature Update.job
XoftSpySE.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://download.micr...heckControl.cab

[Microsoft Data Collection Control]
InProcServer32 = C:\WINDOWS\system32\odc.dll
CODEBASE = https://support.micr...ActiveX/odc.cab

[{33363249-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/i263_32.cab

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/wmv9dmo.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.onec...lscbase9602.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1102471388562

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1160386443109

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft.../as5/asinst.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7539.8168518519

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[Live Collaboration]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RntX.dll
CODEBASE = https://rr.esecureca...l/java/RntX.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\rsvpsp.dll
Protocol #21: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Intel® 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
basic2: System32\DRIVERS\basic2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver: System32\DRIVERS\DM9PCI5.SYS (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
MS IEEE-1284.4 Driver: System32\DRIVERS\Dot4.sys (manual start)
Dot4 HPH09: System32\DRIVERS\hphid409.sys (manual start)
Print Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Prt.sys (manual start)
Print Class Driver for IEEE-1284.4 HPH09: System32\DRIVERS\hphipr09.sys (manual start)
Storage Class Driver for IEEE-1284.4 (HPH09): System32\Drivers\hphs2k09.sys (manual start)
Dot4USB Filter Dot4USB Filter: System32\DRIVERS\dot4usb.sys (manual start)
Dot4Usb HPH09: System32\drivers\hphius09.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fallback: System32\DRIVERS\fallback.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\fsksnt.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\ImapiRox.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (autostart)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\k56nt.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
kl1: System32\Drivers\kl1.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
Microsoft Malware Protection Driver: system32\DRIVERS\MpFilter.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (autostart)
MSFWDrv: system32\DRIVERS\msfwdrv.sys (autostart)
MSFWHLPR: system32\DRIVERS\msfwhlpr.sys (system)
OneCare Firewall: "C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" (autostart)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)
OneCare AntiSpyware and AntiVirus: "C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" (autostart)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCANDIS5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver: C:\WINDOWS\System32\HPHipm09.exe (manual start)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (autostart)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Rksample: System32\DRIVERS\rksample.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SoftFax: System32\DRIVERS\faxnt.sys (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{4C4E2584-4A14-4AD7-A5AE-BF621AAFE009} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Tones: System32\DRIVERS\tonesnt.sys (autostart)
USB Storage Adapter V2 (TPP): System32\DRIVERS\TPP200.SYS (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
USB Remote NDIS Network Device Driver: System32\DRIVERS\usb8023.sys (manual start)
V124: System32\DRIVERS\v124nt.sys (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Live OneCare: C:\Program Files\Microsoft Windows OneCare Live\winss.exe (autostart)
WLAN FVNETusb(505_2958)® Service for USB Wireless LAN Card: System32\DRIVERS\ainu58x.sys (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 36,747 bytes
Report generated in 0.265 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#8 honokaa

Posted 04 March 2007 - 11:26 PM

Here's the second part.

AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:37:41 AM 3/4/2007

+ Scan result:

HKLM\SOFTWARE\DelFin -> Adware.Delfin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DelFin\PromulGate -> Adware.Delfin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Adware.Delfin : Cleaned with backup (quarantined).
HKU\S-1-5-21-1214440339-1614895754-1417001333-1003\Software\DelFin -> Adware.Delfin : Cleaned with backup (quarantined).
HKU\S-1-5-21-1214440339-1614895754-1417001333-1003\Software\DelFin\PromulGate -> Adware.Delfin : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\0nxhfoq4.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.50:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\0nxhfoq4.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.485:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Findwhat : Cleaned. :mozilla.661:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Goclick : Cleaned. :mozilla.662:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Goclick : Cleaned. :mozilla.381:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.523:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.102:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.103:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.126:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.167:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.168:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. 
:mozilla.169:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.196:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.217:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.218:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.219:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.220:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.312:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.313:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.314:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.390:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.471:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.472:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. 
:mozilla.473:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.475:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.488:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.533:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.538:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.563:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.596:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.597:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.59:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.60:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.630:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.633:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. 
:mozilla.70:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.71:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.767:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.90:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.91:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.92:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.93:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.94:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.245:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Information : Cleaned. :mozilla.53:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Information : Cleaned. :mozilla.544:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Internetfuel : Cleaned. :mozilla.545:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Internetfuel : Cleaned. 
:mozilla.546:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Internetfuel : Cleaned. :mozilla.547:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Internetfuel : Cleaned. :mozilla.548:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Internetfuel : Cleaned. :mozilla.663:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.664:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.665:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.30:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned. :mozilla.348:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Masterstats : Cleaned. :mozilla.25:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.26:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.28:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.46:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\0nxhfoq4.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. 
:mozilla.47:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\0nxhfoq4.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.53:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.64:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.65:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.109:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.110:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.199:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.27:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned. :mozilla.335:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned. :mozilla.233:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned. :mozilla.63:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned. :mozilla.96:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Paycounter : Cleaned. 
:mozilla.116:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.117:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.118:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.119:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.239:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.240:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.241:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.321:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.322:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.325:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.91:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.92:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. 
:mozilla.93:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.94:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.75:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Porntrack : Cleaned. :mozilla.100:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.104:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.105:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.106:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.29:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.83:C:\Documents and Settings\Auslander\Application Data\Mozilla\Firefox\Profiles\wv0bfd6b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.98:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.99:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.779:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Real : Cleaned. 
:mozilla.780:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Real : Cleaned. :mozilla.254:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.255:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.514:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.515:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.516:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.517:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.518:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.67:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.68:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.69:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.70:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. 
:mozilla.71:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.244:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Revenue : Cleaned. :mozilla.52:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Revenue : Cleaned. :mozilla.636:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned. :mozilla.10:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\0nxhfoq4.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.178:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.179:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.180:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.184:C:\Documents and Settings\BILL2\Application Data\Mozilla\Firefox\Profiles\pa824rs4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.39:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.40:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.41:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\hs81ko08.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.9:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\0nxhfoq4.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned. 
:mozilla.587:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.588:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.589:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.590:C:\Documents and Settings\william\Application Data\Mozilla\Firefox\Profiles\8591yav8.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.120:C:\Documents and Settings\B

#9 beynac

Posted 05 March 2007 - 05:01 AM

Good morning honokaa.

Your reply still got cut off despite using two posts. Sorry, I should have warned you that this could happen. However, before you re-post, we need to sort a couple of things out.

-----------------------------------------------------------------

I note that you re-activated ZoneAlarm as I requested. You have also installed Windows Live OneCare which includes a firewall. You now need to uninstall ZoneAlarm (not disable it) as two firewalls can cause problems. I'm surprised that you didn't get prompted to do this when you installed OneCare. Perhaps it was because it was disabled at the time. The FAQs state:

During setup, OneCare checks for the some common antivirus and firewall programs that are known to conflict and provides means for you to uninstall them.

Please disable ZoneAlarm and then uninstall it using Add/Remove programs. Reboot the computer when the uninstallation has completed.

-----------------------------------------------------------------

ATF Cleaner by Atribune ©

Your AVG Anti-Spyware report is long because of the amount of cookies it found. We need to clean things up a bit. First, we need to move ATF Cleaner so that it is available for all users. Click on the ATF Cleaner icon on your desktop and select Copy.

Click Start then Run.... Copy/paste C:\Documents and Settings\All Users\Desktop into the text box and click OK. Right-click in the folder that opens and select Paste. ATF Cleaner should now be on the Desktop for all users.

Please log on as each user account and run ATF Cleaner. Make sure that all other windows are closed when you run it. I will repeat the instructions for clarity.
  • Make sure that all browser windows are closed
  • Double-click the icon on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
---------------------------------------------------------------

AVG Anti-Spyware:

Please update AVG Anti-Spyware. Click the Update icon at the top and under Manual Update click the Start update button. The program will either update or inform you that no update was available. You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------------

Reboot in Normal Mode.

--------------------------------------------------------------------

Please post:
  • The AVG Anti-Spyware report
  • A new HijackThis log

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)
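
A report this long is easier to review once the cookie entries are tallied and set apart from everything else. The Python sketch below is an added example, not part of the thread or of AVG's tooling; it assumes entries of the form `<location> -> <detection> : <action>.` as they appear in the report posted in this thread, and the sample entries, user names, profile folder and the non-cookie detection are all constructed.

```python
import re
from collections import Counter

# One report entry: optional ":mozilla.<n>:" cookie index, a Windows path,
# " -> ", the detection name, " : ", the action taken, and a final period.
# Paths may contain spaces, so the path is matched lazily up to " -> ".
ENTRY_RE = re.compile(
    r"(?P<index>:mozilla\.\d+:)?"
    r"(?P<path>[A-Za-z]:\\.+?)"
    r" -> (?P<detection>\S+)"
    r" : (?P<action>[^.]+)\."
)
# Windows XP keeps per-user data under "Documents and Settings\<user>\".
USER_RE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)

# Constructed sample (not taken from the thread). The first line holds two
# entries run together, as happens when a forum flattens the report, and the
# last entry is cut off mid-path, as happens when a post exceeds its size limit.
SAMPLE = (
    r":mozilla.12:C:\Documents and Settings\alice\Application Data\Mozilla"
    r"\Firefox\Profiles\abcd1234.default\cookies.txt"
    r" -> TrackingCookie.Doubleclick : Cleaned. "
    r":mozilla.13:C:\Documents and Settings\alice\Application Data\Mozilla"
    r"\Firefox\Profiles\abcd1234.default\cookies.txt"
    r" -> TrackingCookie.Hitbox : Cleaned."
    "\n"
    r":mozilla.40:C:\Documents and Settings\bob\Application Data\Mozilla"
    r"\Firefox\Profiles\abcd1234.default\cookies.txt"
    r" -> TrackingCookie.Hitbox : Cleaned."
    "\n"
    r"C:\Program Files\ExampleApp\example.dll"
    r" -> Example.Detection : Cleaned with backup (quarantined)."
    "\n"
    r":mozilla.120:C:\Documents and Settings\b"
)


def parse_entries(text):
    """Return (entries, remainder).

    remainder is whatever follows the last complete entry; a non-empty
    remainder means the report was cut off or ends with unparsed text.
    """
    entries, last_end = [], 0
    for m in ENTRY_RE.finditer(text):
        detection = m.group("detection")
        user = USER_RE.search(m.group("path"))
        entries.append({
            "path": m.group("path"),
            "detection": detection,
            "family": detection.split(".", 1)[0],
            "action": m.group("action").strip(),
            "user": user.group(1) if user else None,
        })
        last_end = m.end()
    return entries, text[last_end:].strip()


def summarize(text):
    """Tally cookie detections and list every non-cookie entry for review."""
    entries, remainder = parse_entries(text)
    cookies = [e for e in entries if e["family"] == "TrackingCookie"]
    others = [e for e in entries if e["family"] != "TrackingCookie"]
    return {
        "total": len(entries),
        "cookie_count": len(cookies),
        "cookies_by_user": dict(Counter(e["user"] for e in cookies)),
        "cookies_by_tracker": dict(
            Counter(e["detection"].split(".", 1)[-1] for e in cookies)
        ),
        # Anything that is not a tracking cookie deserves a human look.
        "needs_review": [
            (e["detection"], e["path"], e["action"]) for e in others
        ],
        "truncated": bool(remainder),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

The per-user tally shows which accounts still need their browser data cleared, and the `truncated` flag tells you whether the tail of the report can be trusted.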

#10 honokaa

Posted 06 March 2007 - 01:33 PM

Hi Beynac,

AVG scan:



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:02:57 AM 3/6/2007

+ Scan result:

Nothing found.

::Report end



HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 9:24:23 AM, on 3/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\Documents and Settings\william\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.atribune.org
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102471388562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160386443109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecureca...l/java/RntX.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Thanks again!

Honokaa


#11 beynac

Posted 06 March 2007 - 02:38 PM

Hi honokaa.

That's looking good! Just a few things to tidy up now.

I've never used Windows Frontpage and it appeared on my Start Menu and I was not able to delete files created in the program.

The usual Frontpage program is called Microsoft Frontpage, not Windows Frontpage. Neither appears in your HijackThis Uninstall list. I assume you mean it's on your Start > All Programs menu. Could you please tell me exactly what appears on the Start Menu. Is it a single program or is there a folder? If there's a folder, what programs are within it? Could you also let me know what files were created by the program (the ones that you were unable to delete).

--------------------------------------------------------------

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

O15 - Trusted Zone: *.atribune.org
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecureca...l/java/RntX.cab
O18 - Filter: text/html - (no CLSID) - (no file)

Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

Reboot the computer.

------------------------------------------------------------

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6.
  • Go to http://java.sun.com/...loads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE). You have, at least:
    • J2SE Runtime Environment 5.0 Update 1
    • J2SE Runtime Environment 5.0 Update 2
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
------------------------------------------------------

Kaspersky Online Scanner

Using Internet Explorer, go to: http://www.kaspersky.com/virusscanner
  • Click on Kaspersky Online Scanner
  • Click the Accept button
  • Follow the prompts to download and install the ActiveX component(s) and other software
    • If a yellow information bar appears at the top of the browser window, click on it and select Install ActiveX Control
    • If a message box appears, click on OK or Run as appropriate
  • Click Accept again (see the note below if using IE7)
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click 'Next'.
  • Now click on 'Scan Settings'
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
    • Scan Options: 'Scan Archives' and 'Scan Mail Bases'
  • Click 'OK'
  • Now under 'Select a target to scan' select 'My Computer'
  • The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save as... button:
  • Save the report to your desktop (Save as type: Text document (txt))
Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

----------------------------------------------------------

Please let me know about Frontpage, and post the following:
  • The Kaspersky report
  • A new HijackThis log
Please also let me know how your computer is running now. Do you still suspect that someone's monitoring your computer? If so, what makes you suspect that?
beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)
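
The fix-and-rescan step in the post above can be checked mechanically by comparing the entry lines of the earlier and later HijackThis logs. The following is an added example, not part of the original thread and not HijackThis's own code; the sample logs are constructed, abridged excerpts of the logs posted in this thread, and the function names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O15"
    detail: str   # text after "O15 - "


# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed sample: abridged scan taken before the fix.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O15 - Trusted Zone: *.atribune.org
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecureca...l/java/RntX.cab
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Constructed sample: abridged scan taken after the fix, the Java update and
# the online scan. The DLL name casing differs on purpose.
AFTER = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
"""

# The three entries the helper asked to have checked and fixed.
REQUESTED = r"""O15 - Trusted Zone: *.atribune.org
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecureca...l/java/RntX.cab
O18 - Filter: text/html - (no CLSID) - (no file)
"""


def parse_log(text):
    """Return the entry lines of a HijackThis log as Entry tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse runs of whitespace introduced by copy and paste.
            entries.append(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare folded.
    return (entry.section, entry.detail.casefold())


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before, after = parse_log(before_text), parse_log(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def still_present(requested_text, scan_text):
    """Return the requested entries that a scan still contains."""
    scan_keys = {_key(e) for e in parse_log(scan_text)}
    return [e for e in parse_log(requested_text) if _key(e) in scan_keys]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.section, "-", e.detail)
    for e in added:
        print("added:  ", e.section, "-", e.detail)
    print("not fixed:", still_present(REQUESTED, AFTER))
```

Entries reported as added still need a human look: here they correspond to the Java update and the online scanner's ActiveX control installed in the steps above.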

#12 honokaa

Posted 07 March 2007 - 12:16 PM

Hi Beynac,

Yes, it is Microsoft Frontpage, my bad. It appeared on the Start > All Programs menu. It's the program Frontpage and the files created were "file:///C:/Documents and Settings/william/My Documents/My Webs/myweb" with subfolders called "private" and "pictures". I was unable to delete these files for a week and last Friday I was able to by right clicking and deleting. Also in the Start menu are IE, Notepad, Win Patrol, Command Prompt, WinDefender, AVG and Remote Assistance.

I suspect a person I share the network with is monitoring my computer, he's very computer savvy. He set up our network, partitioned my hard drive and has done diagnostic work before. Recently I came home and someone had accidentally left my computer on (they hadn't checked off on the dialog box "Are you sure you want to log off because other people are logged on, etc") and a jump drive had been inserted in my F drive.

In the past he has shown me how he can watch another machine's desktop from his on a network.

Kaspersky report:

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 07, 2007 6:13:31 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/03/2007
Kaspersky Anti-Virus database records: 277436
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 54427
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:35:44

Infected Object Name / Virus Name / Last Action

Scan process completed.



New Hijack:



Logfile of HijackThis v1.99.1
Scan saved at 7:55:02 AM, on 3/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\Documents and Settings\william\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102471388562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160386443109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Again, mahalo nui loa!

Honokaa

#13 beynac

Posted 07 March 2007 - 02:18 PM

Hi honokaa.

Your computer is not, and has not been, infected with malware. Your latest HijackThis log and the Kaspersky report are both clean. It seems to me that your only worry is that this other person has access to your computer. The fact that he appears to have installed Frontpage on your computer tells me that he is not trying to hide the fact that he uses it. The files were a website built using Frontpage. This was saved to your user account (assuming that you are william). There doesn't appear to be anything underhand about this. I suggest that you talk to him about your concerns. You say that he set up the network, partitioned your hard drive and presumably installed and configured your system. Quite frankly, you are not easily going to prevent him having access. If he only had remote access, through the network, you could lock things down a bit. He obviously has physical access to the computer in your home. The bottom line is whether he has the right to access your computer. If not, tell him to stop. Otherwise, you can only share your concerns and try to persuade him to leave it alone.

You can delete VundoFix and its report (C:\vundofix.txt). ATF Cleaner and AVG Anti-Spyware are useful programs - I suggest that you keep them.

Please let me know if you have any further questions.
beynac

#14 honokaa

Posted 07 March 2007 - 03:15 PM

Hi Beynac,

Again, thanks for all your help. If I did want to lock things down a bit to help prevent remote access, what would I do? I can install a lock on the door.

Mahalo nui loa!

Honokaa

#15 beynac

Posted 08 March 2007 - 03:19 AM

Hi Honokaa.

I'm sorry, but I am unable to help you with this. There are two reasons:
  • This person set up your system and is obviously in charge of the network. I don't think that it would be possible to lock things down enough to completely exclude him. I am not a network expert and could only recommend basic security measures, which I am certain would not be sufficient.

  • As this person is at your home, I feel that I may be becoming involved in a family matter. In these circumstances, I feel that it would be wrong for me to advise you how to change whatever access this person has set up.
I can only repeat my previous statement:

The bottom line is whether he has the right to access your computer. If not, tell him to stop. Otherwise, you can only share your concerns and try to persuade him to leave it alone.


Edited by beynac, 08 March 2007 - 07:38 AM.

beynac
