Rick
HijackThis log after AVG was run once in safe mode, then again in normal mode
Logfile of HijackThis v1.99.1
Scan saved at 11:41:21 AM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office\winword.exe
C:\Hyjackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109526372125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1174271951765
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
AVG LOGS
Safe mode
--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:58:06 AM 3/27/2007
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{0032CCFA-D80B-DABE-C53B-7E94CD4E0B9D} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{0B2597DB-F5D8-5A0A-BA74-4E42716BE178} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{0C507AC8-9CC4-1970-BE39-A99F9532D512} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{153D10FB-F24E-58A4-1F55-99D6BD7AC8CA} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{16A44D3F-B2CD-5116-5BE3-1B77F19325D0} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{1C5174EF-6CDC-A9A8-CDD4-8E97F25B77D9} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{21E654F5-CF30-4A95-C97F-98763D1324F9} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{22B1F2F7-F173-BECD-F6C3-ED087F9541CA} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{276F3F87-44C8-4A9A-ADB1-2102C3E941DD} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{286F8207-1C69-16CC-3E99-C38C1E4D62AD} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{37708770-E494-86C9-3D98-817566C59056} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{37CF5456-717A-C95A-6D5F-7653A2E09649} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{49B290F7-E66E-2716-C118-FC92A72092D8} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{50BF8233-1F18-33EA-155D-8BA70712FAF3} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{588FCF78-9883-FD4A-E7E4-8988603547DE} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{5B791DC9-4315-DB99-ED8F-D81BA733A257} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{622A8F48-1987-BE0C-846F-5F54337E3897} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{7085B7F3-6735-6A89-5650-95D1C3942B93} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{70AADA51-3691-0336-8370-F073BF05AD05} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{73A6D522-1A82-2562-0934-AC8B9AAFE7CD} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{875B4CD1-0BF3-E6A9-2A50-67BB4B403435} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{87B9B006-3765-8006-D7C5-4C71568F43DA} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{A19A66EB-CF29-CC81-77FC-5375D97AE8AD} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{A5B853EB-02AC-5701-5CE5-B7B603A3964D} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{AA0B70B4-0585-98FF-591D-792B7C365368} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{ABD7967C-3F51-655C-C22D-34A94C9679EE} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{ADCD2861-F951-CBB0-CD36-3C98A6A42196} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{B0378C8C-FEF0-3745-3710-3DFFD82094B1} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{B1EA2010-07E4-3D19-B07F-C5DA991481C8} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{CC15449D-564B-BFBD-010F-5C0D90856CC3} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{D7630E68-79D7-6EF3-062A-A8D62572DA69} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{DA211C7E-80D9-4852-98A8-572088007AC3} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{E68FF21A-1D01-4C00-EDC8-A80470B5A15F} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{F02E3B9E-91EA-F259-A3AA-78801E4D5744} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{F55D073A-8824-3A16-989A-7E60E10FA31B} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{F97B935C-4820-CB6C-D4EF-A3AF4B649DB3} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{FEB4AA0B-3E40-1CBB-3F25-CFC72AA1CD1B} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : No action taken.
C:\WINDOWS\uninstaller.exe -> Adware.WildMedia : No action taken.
C:\WINDOWS\system32\xlibgfl254.dll -> Downloader.Agent.bfj : No action taken.
C:\Program Files\Hijack this\backups\backup-20050227-161627-298.dll -> Downloader.Agent.hl : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP820\A0210744.exe -> Dropper.Agent.bbu : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> Logger.BZub.fz : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP823\A0212984.exe -> Logger.BZub.fz : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP823\A0212993.DLL -> Logger.BZub.fz : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP824\A0217327.dll -> Logger.BZub.hw : No action taken.
C:\WINDOWS\system32\ipv6monk.dll -> Logger.BZub.hy : No action taken.
C:\Program Files\PestPatrol\Quarantine\20070211161951.zip/WINDOWS/system32/ipv6monl.dll -> Logger.BZub.hz : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP824\A0217343.dll -> Logger.BZub.hz : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP827\A0217627.exe -> Logger.BZub.ib : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP828\A0218817.DLL -> Logger.BZub.ib : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP828\A0220941.exe -> Logger.BZub.ib : No action taken.
C:\WINDOWS\system32\ipv6monj.dll -> Logger.BZub.ib : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP820\A0210745.dll -> Logger.BZub.nch : No action taken.
C:\autoexes.exe -> Logger.BZub.nch : No action taken.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : No action taken.
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : No action taken.
C:\Documents and Settings\Richard Latham\Application Data\antivirus.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@www.burstbeacon[4].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@www.burstnet[3].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@ads.cnn[1].txt -> TrackingCookie.Cnn : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@ads.cnn[2].txt -> TrackingCookie.Cnn : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@ads.cnn[3].txt -> TrackingCookie.Cnn : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@sales.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@sales.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@sales.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@data1.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@data1.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@anad.tacoda[3].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@anat.tacoda[3].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Dana Latham\Cookies\dana latham@m.webtrends[3].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Richard Latham\Cookies\richard latham@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP828\A0222023.exe -> Trojan.Agent : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP828\A0224366.exe -> Trojan.Agent : No action taken.
C:\WINDOWS\send.exe -> Trojan.Agent.aeq : No action taken.
C:\WINDOWS\system32\d2kpax.exe -> Trojan.Dialer.bh : No action taken.
C:\WINDOWS\videoa.exe -> Trojan.Dialer.o : No action taken.
C:\WINDOWS\hta1.hta -> Trojan.LowZones.a : No action taken.
C:\WINDOWS\hta2.hta -> Trojan.LowZones.a : No action taken.
C:\WINDOWS\hta3.hta -> Trojan.LowZones.a : No action taken.
C:\WINDOWS\hta4.hta -> Trojan.LowZones.a : No action taken.
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP824\A0217325.exe -> Trojan.Tanspy : No action taken.
::Report end
Normal mode (after reboot to normal mode)
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:29:46 AM 3/27/2007
+ Scan result:
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233637.exe -> Adware.WildMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233629.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233636.dll -> Downloader.Agent.hl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233628.dll -> Logger.BZub.hy : Cleaned with backup (quarantined).
C:\Program Files\PestPatrol\Quarantine\20070211161951.zip/WINDOWS/system32/ipv6monl.dll -> Logger.BZub.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233626.dll -> Logger.BZub.ib : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233625.exe -> Logger.BZub.nch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233638.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233635.exe -> Trojan.Agent.aeq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233627.exe -> Trojan.Dialer.bh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233630.exe -> Trojan.Dialer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233631.hta -> Trojan.LowZones.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233632.hta -> Trojan.LowZones.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233633.hta -> Trojan.LowZones.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6995F97A-0C11-46E7-AD16-F4EBACBCE82E}\RP830\A0233634.hta -> Trojan.LowZones.a : Cleaned with backup (quarantined).
::Report end