Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] MULTIPLE TROJAN BACKDOOR MALWARE


  • This topic is locked This topic is locked
8 replies to this topic

#1 ROOFIE(MTL)

ROOFIE(MTL)

    Authentic Member

  • Authentic Member
  • PipPip
  • 130 posts

Posted 10 November 2007 - 01:58 PM

Hello Since you guys/gals were so efficient with me home computer. I have now entrusted you with my office computer. Bought used I think it has always had a problem. Histoy: The computer's HD was small so a friend of mine took and instaled my old SYSTEM HD from another computer so this might have some viruses also ...being it was the old C: operating system HD from older PC.

I have run the AVG trial in SAFE MODE and it found several files Both HIGH and MEDIUM here is the Report log from the. scan It would nt quarantine the following
Adware.BargainBuddy.
I got this message:

The file D:\WINDOWS\SYSTEM32\mac80ex.idf\ C:/PROGRAMFILES/Bullseye Network/bin/Adv.exe Cannot be quarantined because it is embedded in the archive
D:\WINDOWS\SYSTEM32\mac80ex.idf. Do you want to quarantine the whole archive?

I said no when prompted.It asked the same question 4 times before it moved on to other actions on quarantine. (wasnt sure what else to do.)

Here is the log file . the wierd thing is when I reboot to normal mode AVG shows nothing in quaratine. Why is this? But in safemode it shows all within the report. Weird

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:38:16 AM 11/10/2007

+ Scan result:



D:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM32\mac80ex.idf/C:/WINDOWS/System32/msbe.dll -> Adware.BargainBuddy : No action taken.
D:\Program Files\Common Files\GMT\gtrawbm.fil -> Adware.Gator : No action taken.
D:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll -> Adware.Gator : No action taken.
C:\Program Files\Screensavers.com -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\ActiveDesktop -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\ActiveDesktop\bin -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\SSSInstaller -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\Ready -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\Upload -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\bin -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\bin\SSSInstaller.dll -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\bin\screensavers.exe -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\bin\sinstaller3.exe -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\temp -> Adware.Generic : No action taken.
C:\Program Files\Screensavers.com\SSSUninst.exe -> Adware.Generic : No action taken.
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
D:\Program Files\NewDotNet\newdotnet6_98.dll -> Adware.NewDotNet : No action taken.
D:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : No action taken.
D:\Program Files\NewDotNet\uninstall6_98.exe -> Adware.NewDotNet : No action taken.
D:\System Volume Information\_restore{07FC6914-E238-4B92-8E9B-44ADD8301716}\RP499\A0072927.dll -> Adware.NewDotNet : No action taken.
D:\System Volume Information\_restore{07FC6914-E238-4B92-8E9B-44ADD8301716}\RP511\A0074035.dll -> Adware.NewDotNet : No action taken.
D:\System Volume Information\_restore{07FC6914-E238-4B92-8E9B-44ADD8301716}\RP514\A0074230.exe -> Adware.NewDotNet : No action taken.
D:\WINDOWS\NDNuninstall6_22.exe -> Adware.NewDotNet : No action taken.
D:\WINDOWS\NDNuninstall6_30.exe -> Adware.NewDotNet : No action taken.
D:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : No action taken.
D:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : No action taken.
D:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : No action taken.
D:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll -> Adware.WindowEnhancer : No action taken.
D:\System Volume Information\_restore{07FC6914-E238-4B92-8E9B-44ADD8301716}\RP518\A0074593.exe -> Backdoor.Agobot : No action taken.
D:\System Volume Information\_restore{07FC6914-E238-4B92-8E9B-44ADD8301716}\RP518\A0074596.exe -> Backdoor.Hupigon.hk : No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\installer_en[1].exe -> Downloader.Small : No action taken.
D:\Program Files\Common Files\tsa\rainbow\vocabulary -> Downloader.TSUpdate.j : No action taken.
D:\System Volume Information\_restore{07FC6914-E238-4B92-8E9B-44ADD8301716}\RP484\A0071468.exe -> Dropper.Small : No action taken.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : No action taken.
D:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : No action taken.
D:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : No action taken.
:mozilla.311:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.340:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.355:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.356:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.442:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.475:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.476:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.477:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.478:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.484:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.485:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.486:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.487:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.488:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.95:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.397:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.398:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.451:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.452:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.453:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.454:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.455:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.456:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.457:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.458:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.459:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.460:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.461:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.462:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.463:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.464:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.500:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.502:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.319:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.320:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@stats.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.41:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.42:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.43:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.55:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.56:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.326:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.375:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.376:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.377:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.378:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.281:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
D:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
D:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.365:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.366:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.367:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.368:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.369:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.370:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.371:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.372:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.328:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@stat.dealtime[2].txt -> TrackingCookie.Dealtime : No action taken.
:mozilla.327:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.284:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.285:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.286:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.333:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.334:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.335:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.336:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.337:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.338:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.339:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : No action taken.
:mozilla.172:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.173:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.174:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.175:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.176:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.177:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.178:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.179:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.180:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.181:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.182:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.407:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.412:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.414:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.415:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.416:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.429:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.432:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.433:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.436:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.498:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.499:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.299:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.300:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.349:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.354:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.373:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.374:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@ehg-cafepress.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@ehg-hasbro.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Documents and Settings\Owner\Cookies\owner@ehg-intuit.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.381:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.496:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.497:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.254:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.255:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
D:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
:mozilla.224:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.225:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.226:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.227:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stat.onestat[2].txt -> TrackingCookie.Onestat : No action taken.
:mozilla.141:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.142:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.143:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.228:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Overture : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.386:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.387:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.388:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.389:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.390:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.391:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.392:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
D:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@preferences[1].txt -> TrackingCookie.Preferences : No action taken.
:mozilla.89:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Pro-market : No action taken.
:mozilla.90:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Pro-market : No action taken.
:mozilla.208:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.209:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.171:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.57:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.58:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Real : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.45:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.46:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.47:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.48:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@starware[2].txt -> TrackingCookie.Starware : No action taken.
:mozilla.258:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.259:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.260:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.261:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@targetnet[2].txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.479:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Tracking101 : No action taken.
:mozilla.481:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Tracking101 : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.121:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.114:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.115:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.346:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.70:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.35:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.36:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g8w2q7d3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
D:\Documents and Settings\Mary Bettis\Cookies\mary bettis@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
D:\System Volume Information\_restore{07FC6914-E238-4B92-8E9B-44ADD8301716}\RP518\A0074595.exe -> Trojan.Starter.a : No action taken.


::Report end

AND HIJACHTHIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:15 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
D:\UPS\WSTD\PolicyMgr\NA1Msgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\UPS\WSTD\Messages\WSTDMessaging.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...arm1=seconduser
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [NA1Messenger] D:\UPS\WSTD\PolicyMgr\NA1Msgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = D:\UPS\WSTD\Messages\WSTDMessaging.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = D:\UPS\WSTD\wstdPldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (EOLUP.Version) - http://www.rightnetw...eb/eolupcli.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.rightnetw...rdp20050324.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2307DA0A-D779-46DA-908B-056EFCF85CDA}: NameServer = 216.224.224.10,216.224.229.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{2307DA0A-D779-46DA-908B-056EFCF85CDA}: NameServer = 216.224.224.10,216.224.229.42
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 9635 bytes

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 November 2007 - 08:44 PM

Hello and welcome to the forums

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Note:
(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)


It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:
You chose No action taken, so you didn't clean anything

No need to download again but follow the instructions on how to set it up to run.


Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now
    change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
  • Under How to act? - make sure that Quarantine is selected.
  • Under How to scan? - All checkboxes should be ticked.
  • Under Possibly unwanted software - All checkboxes should be ticked.
  • Under Reports - Select Do not automatically generate reports.
  • Under What to scan? - Select Scan every file.
Close all open windows.
Do not run a scan yet.

Reboot your computer into SafeMode
You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.



IMPORTANT: Do not open any other windows or
programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab
    then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little
    time.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:[list]
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit. Confirm by clicking Yes.
  • Reboot in normal mode and copy the report back to this topic along with a new HijackThis log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 ROOFIE(MTL)

ROOFIE(MTL)

    Authentic Member

  • Authentic Member
  • PipPip
  • 130 posts

Posted 11 November 2007 - 02:35 AM

OK ?This is what I did. Are asking me then to redo this with the hidden files open? (This being the difference.) If so I will. I cannot post until Monday as the computer is at office. So please be patient. :thumbup: :thumbup:

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 November 2007 - 05:24 AM

OK ?This is what I did. Are asking me then to redo this with the hidden files open? (This being the difference.) If so I will. I cannot post until Monday as the computer is at office. So please be patient. :thumbup: :thumbup:

Read the instructions on the settings before scanning.

Please set up the program as follows:
Click the Shield icon at the top and under Resident shield is... click active. This should now
change to inactive.
Click the Update icon and untick the automatic update option.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act? - make sure that Quarantine is selected.
Under How to scan? - All checkboxes should be ticked.
Under Possibly unwanted software - All checkboxes should be ticked.
Under Reports - Select Do not automatically generate reports.
Under What to scan? - Select Scan every file.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 ROOFIE(MTL)

ROOFIE(MTL)

    Authentic Member

  • Authentic Member
  • PipPip
  • 130 posts

Posted 14 November 2007 - 09:36 AM

SORRY FOR THE DELAY

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:30:49 AM 11/14/2007

+ Scan result:



D:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
D:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
D:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
D:\WINDOWS\SYSTEM32\mac80ex.idf/C:/WINDOWS/System32/msbe.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014574.exe -> Adware.Comet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014587.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014577.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014578.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014579.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014580.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014581.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014582.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014583.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014584.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014585.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014586.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014588.dll -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014571.exe -> Downloader.Small : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014589.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP51\A0014590.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).


::Report end




AND THIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:26 AM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
D:\UPS\WSTD\PolicyMgr\NA1Msgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\UPS\WSTD\Messages\WSTDMessaging.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\eolupclnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...arm1=seconduser
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [NA1Messenger] D:\UPS\WSTD\PolicyMgr\NA1Msgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = D:\UPS\WSTD\Messages\WSTDMessaging.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = D:\UPS\WSTD\wstdPldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (EOLUP.Version) - http://www.rightnetw...eb/eolupcli.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.rightnetw...rdp20050324.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2307DA0A-D779-46DA-908B-056EFCF85CDA}: NameServer = 216.224.224.10,216.224.229.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{2307DA0A-D779-46DA-908B-056EFCF85CDA}: NameServer = 216.224.224.10,216.224.229.42
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10022 bytes



THANK YOU :D :D :D

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 November 2007 - 11:15 AM

With AVG Anti-Spyware, if you click on the Infections icon, then it will show you all the items in Quarrantine and you can remove them that way. Just click Select All then Remove Finally

How's it running now?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 ROOFIE(MTL)

ROOFIE(MTL)

    Authentic Member

  • Authentic Member
  • PipPip
  • 130 posts

Posted 15 November 2007 - 10:03 PM

Running really slow. Just a bit better.

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 November 2007 - 03:45 PM

Is your Symantec AntiVirus a trial version?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 November 2007 - 10:57 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users