Adware is hijacking IE7



Granville
2007-01-30, 09:25
As requested, starting a new topic by copying over my initial enquiry.

Ok, I am a FireFox user but I still need IE occasionally.
So I updated to IE7.
Every time I try to use it (and sometimes when I don't - just working with FF) some form of Adware takes it over and kills the "Live" tab and replaces it with "Party Poker", "888 Casino" and the like.
I have run S&D several times and it always comes up blank.
But the malware is still there.
Any suggestions or similar occurrences?


And in response to Tashi's queries...

I run a Dell OEM XP Pro, with auto-updates set, so should be fully updated.
I only have the freebie S&D 1.3 but this appears to update its signature files each time it is run.

I am currently updating to 1.4 and will re-run a scan when that is installed.

I will report back on any progress before you commit any time to this. Back soon...

Granville
2007-01-30, 10:58
Don't know why I hadn't installed 1.4 before but it is on now.
It found a whole heap of stuff which 1.3 didn't recognise.
I have dumped all that lot, so will give it a day or so to see if things are fully resolved.
I will report back one way or the other, so this thread can be closed if all is well.
Thanks.

Granville
2007-01-31, 12:32
I did the update to 1.4, and it seems to have found and cleared a stack of nasties missed by 1.3.
However, now when I boot up S&D starts to cycle hundreds of query dialogs, which even when set to be quiet and background, flash up an endless stream of notification boxes, nearly all of which appear to be exactly the same.
The screen shots are two hours apart and show no sign of ever stopping.
Short of killing S&D, nothing seems to be able to stop this.
I could stop Immunise and/or take off the Permanent IE blocker, but surely this is defeating the objective?
Any advice please?

Granville
2007-01-31, 12:35
Pictures referred to in previous post but not included in time!

tashi
2007-01-31, 19:59
Hello.

Could you please follow the instructions in the link I provided here: http://forums.spybot.info/showthread.php?t=10898 so that we can see if this is malware related or a setting in Spybot-S&D that you can adjust.

"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Regards. :)

Granville
2007-02-01, 08:19
IE is becoming unusable, which is an extra problem when trying to sort out why.

I have been following your instructions and have tried several times to run the Panda external checker.

Unfortunately, this won't run in FF, so have to use IE. It starts ok. Sets off scanning all HDs. Just a percent or two into the scan finds its first nasty. It shows a "press here for details of this" button, which will open a new window. As that window opens, IE simply fades away (both windows) losing the details and the scan.

So, start again. Running to circa 6% and found 30 new items. Not picking the details window this time. Suddenly a pile of Casino popup pages appear and again - crash. All gone.

Last night, I closed everything down except the scan and left it running, hoping that by this morning it would have completed and had a list of targets.

When I came through, nothing there - all gone. No indication of when, so don't know if it completed, started to open the display and crashed or just died in the traces.

Obviously, there is something there which S&D is missing but using IE is not working.

Can you suggest another which will work with FF please?

Granville
2007-02-01, 09:59
Ok, last one on the list, Trend, works in FF, so am on with running a scan with that. Will post results when available.

Granville
2007-02-01, 10:42
Housecall set up and started running.
Estimated time 4.5hrs to scan.
45mins into it, had about half a dozen "finds".
Then suddenly, WIPEOUT.
No FireFox, no Trend, nothing.
Ended up having to reboot and am now setting this up all over again.

Is this indicative of some new Self-Protective Malware, which recognises when it is about to be eliminated and pulls the plug to avoid it?

Granville
2007-02-01, 11:05
On the basis that my wife's computer is on the same house-lan as mine, thought it would be best to run the scan on her machine at the same time as mine to clear them both and avoid cross contamination.

Again after about half an hour FF came up with an error message and had to close. Sent the crash-file to MS and rebooted her system.

Will start another scan and see how that goes.

Granville
2007-02-01, 11:32
Crashed out my computer AGAIN.

There is something very odd or nasty here.

FireFox is normally so stable, nothing seems to shake it.
However, it is falling apart on two independent machines at the same time, doing the same job with the same software.

Is it likely to be the Trend Housecall, or the nasties it is locating?

Granville
2007-02-01, 12:07
Had Trend running on both machines.

Both died within a couple of minutes of one another.

Tashi, if you need the results of this scan, I will try to provide it but while whatever is wrong is killing both IE and FF, there doesn't seem to be a solution.

Any other ideas or suggestions?

Just going to wait now till I hear from you.

tashi
2007-02-12, 19:02
Hello.

Apparently your topic has been overlooked by helpers because of the number of replies to your topic. They look for zero response.

In order to assist you they will need to see the HJT log, can you provide the results of that scan?

"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

Granville
2007-02-13, 13:21
Logfile of HijackThis v1.99.1
Scan saved at 11:16:43, on 13-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Browster\proxy\wrapper.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\PROGRA~1\Browster\proxy\jre\bin\java.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\BCMSMMSG.exe
D:\PROGRA~1\Nero\NEROTO~1\DRIVES~1.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Hello\Hello.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Video Server S\Video Server S.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8448
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,DLPSP.EXE
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FEA39D6-46B3-4F66-BC38-4839CFE198EA} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - C:\Program Files\Browster\Browster.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Browster - {2EF39867-654F-48b6-8F93-B4FC3E8C6844} - C:\Program Files\Browster\Browster.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKLM\..\Run: [ZIVGXcov] C:\PROGRA~1\soxtvutv\cYADGAQN.exe
O4 - HKLM\..\Run: [YAVHT1Ex] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RwpGWAUx] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [eIpGS1Uw] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [egVHToEx] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [eA0GS5ow] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] D:\PROGRA~1\Nero\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SignGramDeadMess] C:\Documents and Settings\All Users\Application Data\HeartUserSignGram\TransLong.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nygzyjli] C:\WINDOWS\System32\hdkpuiam.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [beuvoiirdiuy] C:\WINDOWS\System32\nejufl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [EPSON Plotter] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_S71.tmp"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Nero\Nero BackItUp\NBJ.exe"
O4 - Startup: Shortcut to Video Server S.lnk = C:\Program Files\Video Server S\Video Server S.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: *.excite.com
O15 - Trusted Zone: www.ofoto.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polyblog.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02e29a4318b73eea9d06/netzip/RdxIE601.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5938FEB1-3609-11D4-85CD-00902707DAE7} (MapCtl Class) - https://www.promapserver.co.uk/controls/latest/webmap.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.200.57.26//cgi-bin/AxisCamControl.ocx
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.bootsdigitalphotocentre.com/wpp/boots/opcuploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Browster Proxy (BrwstrPF) - Unknown owner - C:\PROGRA~1\Browster\proxy\wrapper.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

pskelley
2007-02-13, 17:13
Welcome to the forum, please listen up, you have a bunch of nasty junk on this computer and if they are on the same LAN chances are they are both infected. I suggest you pull the plugs until we get this one clean, it is going to be tricky keeping one from reinfecting the other. Is there a way you can separate them so they are not networked together?

I am also not looking back at all of that stuff you posted so I might ask questions you have already answered, bear with me, that information will just confuse me at this point.
Please concentrate on this computer, once it is clean we will close this topic and you may start a new topic for the other computer.

I see this: C:\Program Files\Java\j2re1.4.2_03\ and this: C:\Program Files\Java\jre1.5.0_10\ see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2 that out of date version may be what caused the infection. Uninstall all but the newest in Add Remove Programs.

Some of this junk I do not even recognize, so I am guessing a little, but we will start like this, make sure you do this in the numbered order.

1) This is at least an Adware.BlazeFind infection, Symantec has a tool so run it first here:
http://sarc.com/avcenter/venc/data/pf/adware.blazefind.html
http://securityresponse.symantec.com/avcenter/FxBlzFnd.exe

2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

4) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

5) Start > Control Panel > Add Remove Programs and uninstall WindowsSA, uninstall any program you know does not belong there.

6) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - (no file)
O2 - BHO: (no name) - {1FEA39D6-46B3-4F66-BC38-4839CFE198EA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKLM\..\Run: [ZIVGXcov] C:\PROGRA~1\soxtvutv\cYADGAQN.exe
O4 - HKLM\..\Run: [YAVHT1Ex] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [RwpGWAUx] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [eIpGS1Uw] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [egVHToEx] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [eA0GS5ow] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [nygzyjli] C:\WINDOWS\System32\hdkpuiam.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: C:\WINDOWS\System32\nejufl.exe
(if you really trust those next two, you can leave them)
O15 - Trusted Zone: *.excite.com
O15 - Trusted Zone: www.ofoto.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02e29a43...p/RdxIE601.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

7) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\PROGRAM FILES~1\soxtvutv\ <<< delete that folder

C:\PROGRAM FILES~1\swvtwtur\ <<< delete that folder

C:\Program Files\WindowsSA\ <<< delete that folder

C:\WINDOWS\System32\hdkpuiam.exe <<< delete that file

C:\WINDOWS\System32\nejufl.exe <<< delete that file

8) Follow the directions in this link, make sure you delete or at least quarantine anything the program locates and save that scan report.
http://forums.security-central.us/showthread.php?t=3165

9) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the AVG Anti-Spyware scan results, a new HJT log and any comments you think will help.

Thanks
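
A triage pass over a HijackThis log along the lines of the fix list above, as an added example that is not part of the original thread and not part of HijackThis: it flags BHO, toolbar and button entries registered with "(no file)" and Run entries where several value names launch the same executable. The sample lines are copied from the log posted in this thread; the function names and the three-alias threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKLM\..\Run: [YAVHT1Ex] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [RwpGWAUx] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [eIpGS1Uw] C:\PROGRA~1\swvtwtur\pwqxvrsv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# O4 registry autostart: hive, key name, [value name], command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def image_path(cmd):
    """Return the lower-cased executable path from a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        end = cmd.find('"', 1)
        return cmd[1:end if end != -1 else None].lower()
    # Unquoted path may contain spaces: cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split()[0]).lower()


def triage(log_text, min_aliases=3):
    """Flag entries worth a closer look; this is a heuristic, not a verdict.

    orphans:         O2/O3/O9 registrations whose file is gone ("(no file)")
    multi_alias_run: executables started by >= min_aliases Run value names
    """
    orphans = []
    run_targets = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m["code"], m["body"]
        if code in {"O2", "O3", "O9"} and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            orphans.append((code, clsid.group(0) if clsid else None))
        elif code == "O4":
            r = RUN_RE.match(body)
            if r:  # Startup-folder shortcuts use another format; skipped
                run_targets[image_path(r["cmd"])].append(r["name"])
    multi = {p: n for p, n in run_targets.items() if len(n) >= min_aliases}
    return {"orphans": orphans, "multi_alias_run": multi}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, clsid in report["orphans"]:
        print(f"orphaned {code} registration: {clsid}")
    for path, names in report["multi_alias_run"].items():
        print(f"{len(names)} Run values launch {path}: {', '.join(names)}")
```

With `min_aliases=2` the two Nero entries pointing at NeroCheck.exe are also reported, so every hit still needs a human decision before anything is checked in HijackThis.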

Granville
2007-02-14, 00:36
Sorry it took so long to get back to you, the first scan took over six hours but ended up with no results. The others did find some stuff, which I deleted and the updated text files follow. (Looks like it will be in three chunks)

Logfile of HijackThis v1.99.1
Scan saved at 22:29:20, on 13-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Browster\proxy\wrapper.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\Browster\proxy\jre\bin\java.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\BCMSMMSG.exe
D:\PROGRA~1\Nero\NEROTO~1\DRIVES~1.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Hello\Hello.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Video Server S\Video Server S.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8448
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,DLPSP.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - C:\Program Files\Browster\Browster.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Browster - {2EF39867-654F-48b6-8F93-B4FC3E8C6844} - C:\Program Files\Browster\Browster.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] D:\PROGRA~1\Nero\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SignGramDeadMess] C:\Documents and Settings\All Users\Application Data\HeartUserSignGram\TransLong.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [EPSON Plotter] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_S71.tmp"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Shortcut to Video Server S.lnk = C:\Program Files\Video Server S\Video Server S.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polyblog.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5938FEB1-3609-11D4-85CD-00902707DAE7} (MapCtl Class) - https://www.promapserver.co.uk/controls/latest/webmap.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.200.57.26//cgi-bin/AxisCamControl.ocx
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.bootsdigitalphotocentre.com/wpp/boots/opcuploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Granville
2007-02-14, 00:37
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Browster Proxy (BrwstrPF) - Unknown owner - C:\PROGRA~1\Browster\proxy\wrapper.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-------------------------------------------------

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:03:05 13-02-07

+ Scan result:



HKU\S-1-5-21-3792747927-3728794093-2820869814-1010\Software\Microsoft\Internet Explorer\MenuExt\Add A Page Note -> Adware.CommonName : Cleaned.
HKU\S-1-5-21-3792747927-3728794093-2820869814-1010\Software\Microsoft\Internet Explorer\MenuExt\Bookmark This Page -> Adware.CommonName : Cleaned.
HKU\S-1-5-21-3792747927-3728794093-2820869814-1010\Software\Microsoft\Internet Explorer\MenuExt\Email This Link -> Adware.CommonName : Cleaned.
HKU\S-1-5-21-3792747927-3728794093-2820869814-1010\Software\Microsoft\Internet Explorer\MenuExt\Search using CommonName -> Adware.CommonName : Cleaned.
C:\Documents and Settings\All Users\Application Data\HeartUserSignGram\TransLong.exe -> Adware.Lop : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1217\A0144836.dll -> Adware.Yahoo : Cleaned.
C:\Utilities\Downloads\Microsoft\MSN\MsgPlus-220.exe/70000011.exe -> Downloader.Swizzor.g : Cleaned.
C:\Utilities\Downloads\Microsoft\MSN\MsgPlus-221.exe/70000011.exe -> Downloader.Swizzor.g : Cleaned.
C:\Program Files\Adobe\Photoshop CS\test.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
C:\Utilities\Downloads\Rips\Photoshop CS Fix.zip/CS Fix/test.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.

Granville
2007-02-14, 00:39

Granville
2007-02-14, 00:40
C:\Program Files\Microsoft AntiSpyware\Quarantine\B9AC4BC8-7ABB-4893-B42D-F1A16A\3A7A9119-AFEF-45D8-A9D1-CDBEDF -> Trojan.CommonName.b : Cleaned.
C:\Program Files\Microsoft AntiSpyware\Quarantine\B9AC4BC8-7ABB-4893-B42D-F1A16A\9EE13603-D6DD-4D1C-9E88-0D4149 -> Trojan.CommonName.b : Cleaned.
C:\Program Files\Microsoft AntiSpyware\Quarantine\B9AC4BC8-7ABB-4893-B42D-F1A16A\EC36DEC4-42FF-4C90-9115-EA9364 -> Trojan.CommonName.b : Cleaned.


::Report end

-------------------------
Oh well, ended up as four parts.
Thanks for what you have done so far, hope this lot means something to you!

Off now to reset my AV and file settings.

pskelley
2007-02-14, 01:18
I just want to say I am trying to get rid of the malware, but you sure have a lot of stuff running on this computer. I am personally surprised it starts up and even runs at all.
A lot of the stuff I have never seen before, and will have to ask you to tell me if it's valid or not. You do have a LOP/C2 Media infection that is usually caused because messengerplus is downloaded with sponsor programs.

I believe this one is safe, but my scanner is saying no, please let me know if this is a valid item:
C:\PROGRA~1\Browster\proxy\jre\bin\java.exe
If you need to check any of this stuff, use one or more of these free online scans:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

Before I post the Lop information I am just wondering what you intend to accomplish. I can get rid of the malware, but I doubt this computer is ever going to perform unless you control the stuff you have running:
http://netsquirrel.com/msconfig/
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

From the looks of the AVG Anti-Spyware scan report, it appears no one knows how to delete cookies? If you need me to post instructions, let me know.

Since The AVG Anti-Spyware Scan removed so much junk in normal mode, I strongly suggest you boot the computer into safe mode:
http://www.bleepingcomputer.com/tutorials/tutorial61.html
and see what the program can remove when nothing is running.


Here is the LOP item, let's remove it:
O4 - HKLM\..\Run: [SignGramDeadMess] C:\Documents and Settings\All Users\Application Data\HeartUserSignGram\TransLong.exe
Some information: http://inetexplorer.mvps.org/data/lop.htm
http://www.superadblocker.com/P/PROGRAM%20BOOK.EXE-3755.html

Please download NoLop to the Desktop from one of those sites:
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16

Close any programs you have running since a reboot is required
Double click NoLop.exe to run it
Next, click the button labeled: Search and Destroy
<<your computer will now be scanned for infected files>>
When the scan finishes, if infected, you are prompted to reboot
Click OK

Now click: REBOOT
A message should pop up from NoLop. If not, double click the program again and it will finish.
Please Post the contents of C:\NoLop.log along with a new HijackThis log

Let me have some comments from you.

Thanks...Phil

Granville
2007-02-14, 14:15
Phil,
Thanks again for your time and efforts on my behalf.

Yea, the comp is busy. I am a one-man-band Architectural Practice and my pc gets used for everything, both business and pleasure. There are a lot of specialist programs as well as an abundance of "goodies" which I find indispensable (like Browster).

I am probably not going to have chance till tomw to run your suggestions as I will be out of the office. However, will work my way through the list as soon as.
Granville

pskelley
2007-02-14, 15:29
No problems, the LOP is the only real malware I see in the log though it is a nasty one.

Thanks

Granville
2007-02-16, 02:02
Phil,

Had chance to progress things again.

1/ Browster I use all the time, that is on the latest update version.
2/ Tried the msconfig but could only clip about five systray items. Mind you with 2gig of ram, it's not too critical.
3/ I have so many things I access via log-in/pw and masses of them require cookies to be enabled, I am very concerned about shooting myself in the foot by killing them. I did instruct (reluctantly) to clear them apart from the Firefox registration file. It did spend a good while churning whilst removing them and the IE history files though. Freed up about 2Gb.
4/ Ran AVG in SM. Found about 150 trackers and cleared them.
5/ Ran LOP, found one infection, rebooted and cleared it.
6/ Sent you this and requested reports, which follow.

Granville

-------------------------------

NoLop! Log by Skate_Punk_21

Fix running from: C:\Program Files\Mozilla Firefox
[15-02-07]
[23:41:27]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\BA156C8E92FF16A2.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Acd Systems
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Ca
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Heartusersigngram
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Msscanappdatadir
C:\Documents and Settings\All Users\Application Data\Napster
C:\Documents and Settings\All Users\Application Data\Nch Swift Sound
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Skype -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Spontania4skype
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Wholesecurity
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\You Software
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Symantec
C:\Documents and Settings\Granville\Application Data\Acd Systems
C:\Documents and Settings\Granville\Application Data\Adobe
C:\Documents and Settings\Granville\Application Data\Adobeaum
C:\Documents and Settings\Granville\Application Data\Adobeum
C:\Documents and Settings\Granville\Application Data\Ahead
C:\Documents and Settings\Granville\Application Data\Apple Computer
C:\Documents and Settings\Granville\Application Data\Autodesk
C:\Documents and Settings\Granville\Application Data\Bittorrent
C:\Documents and Settings\Granville\Application Data\Copernic
C:\Documents and Settings\Granville\Application Data\Divx
C:\Documents and Settings\Granville\Application Data\Edrawings
C:\Documents and Settings\Granville\Application Data\Google
C:\Documents and Settings\Granville\Application Data\Graphisoft
C:\Documents and Settings\Granville\Application Data\Help
C:\Documents and Settings\Granville\Application Data\Icq
C:\Documents and Settings\Granville\Application Data\Icqlite
C:\Documents and Settings\Granville\Application Data\Identities
C:\Documents and Settings\Granville\Application Data\Kana Solution
C:\Documents and Settings\Granville\Application Data\Kazaa Lite
C:\Documents and Settings\Granville\Application Data\Lavasoft
C:\Documents and Settings\Granville\Application Data\Leadertech
C:\Documents and Settings\Granville\Application Data\Macromedia
C:\Documents and Settings\Granville\Application Data\Mailwasher
C:\Documents and Settings\Granville\Application Data\Microsoft
C:\Documents and Settings\Granville\Application Data\Mozilla
C:\Documents and Settings\Granville\Application Data\Mozillacontrol
C:\Documents and Settings\Granville\Application Data\Msn6 -- EMPTY Directory
C:\Documents and Settings\Granville\Application Data\Nasa
C:\Documents and Settings\Granville\Application Data\Nch Swift Sound
C:\Documents and Settings\Granville\Application Data\Netscape
C:\Documents and Settings\Granville\Application Data\Officeupdate12
C:\Documents and Settings\Granville\Application Data\Photodex
C:\Documents and Settings\Granville\Application Data\Profiles
C:\Documents and Settings\Granville\Application Data\Real
C:\Documents and Settings\Granville\Application Data\Recordpad -- EMPTY Directory
C:\Documents and Settings\Granville\Application Data\Roxio
C:\Documents and Settings\Granville\Application Data\Settings Dead Time -- EMPTY Directory
C:\Documents and Settings\Granville\Application Data\Skype
C:\Documents and Settings\Granville\Application Data\Smartftp
C:\Documents and Settings\Granville\Application Data\Sun
C:\Documents and Settings\Granville\Application Data\Symantec
C:\Documents and Settings\Granville\Application Data\Talkback
C:\Documents and Settings\Granville\Application Data\Vso
C:\Documents and Settings\Granville\Application Data\Wholesecurity
C:\Documents and Settings\Granville\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Granville\Application Data\Yahoo! -- EMPTY Directory
C:\Documents and Settings\Granville\Application Data\Yahoo! Messenger
C:\Documents and Settings\Granville\Application Data\{7148f0a6-6813-11d6-a77b-00b0d0142000}
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft

-------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:57:35, on 15-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Browster\proxy\wrapper.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\PROGRA~1\Browster\proxy\jre\bin\java.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\BCMSMMSG.exe
D:\PROGRA~1\Nero\NEROTO~1\DRIVES~1.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Video Server S\Video Server S.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8448
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,DLPSP.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - C:\Program Files\Browster\Browster.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Browster - {2EF39867-654F-48b6-8F93-B4FC3E8C6844} - C:\Program Files\Browster\Browster.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] D:\PROGRA~1\Nero\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [EPSON Plotter] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_S71.tmp"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Shortcut to Video Server S.lnk = C:\Program Files\Video Server S\Video Server S.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Granville
2007-02-16, 02:03
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polyblog.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5938FEB1-3609-11D4-85CD-00902707DAE7} (MapCtl Class) - https://www.promapserver.co.uk/controls/latest/webmap.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.200.57.26//cgi-bin/AxisCamControl.ocx
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.bootsdigitalphotocentre.com/wpp/boots/opcuploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Browster Proxy (BrwstrPF) - Unknown owner - C:\PROGRA~1\Browster\proxy\wrapper.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
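
A triage pass over HijackThis log lines in the format posted above, as an added example that is not part of the original thread and not code from HijackThis. The sample log is constructed (placeholder GUIDs, paths and a documentation-range IP), and the rule set is an assumption for illustration: a match means "look closer", not "malicious".

```python
import re

# Constructed sample in HijackThis line format; every value is a placeholder.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -hide
O4 - Global Startup: Example Detect.lnk = ?
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Class) - http://192.0.2.10/cgi-bin/example.ocx
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
O23 - Service: Example Vendor Service - Example Corp - C:\Program Files\Example\ok.exe
"""

# Section code (R0, O4, O23, ...) followed by " - " and the entry body.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Hypothetical triage rules: (tag, predicate over section code and body).
RULES = [
    ("missing-file", lambda s, b: "(no file)" in b or "(file missing)" in b),
    ("unresolved-target", lambda s, b: s == "O4" and b.endswith("= ?")),
    ("unknown-owner", lambda s, b: s == "O23" and " - Unknown owner - " in b),
    ("ip-literal-url", lambda s, b: s == "O16"
        and re.search(r"https?://\d{1,3}(\.\d{1,3}){3}[:/]", b) is not None),
    ("empty-value", lambda s, b: s in ("R0", "R1") and b.endswith("=")),
]

def parse(log_text):
    """Yield (section, body) for each line that looks like a HijackThis entry."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return [(section, tags, body)] for entries that match at least one rule."""
    findings = []
    for section, body in parse(log_text):
        tags = [name for name, test in RULES if test(section, body)]
        if tags:
            findings.append((section, tags, body))
    return findings

if __name__ == "__main__":
    for section, tags, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{','.join(tags):<20}{body}")
```

Entries that match no rule, such as the vendor-signed service in the sample, are left out of the findings; they still need a human read against what is actually installed.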

pskelley
2007-02-16, 02:59
Thanks for the feedback and good job with the LOP infection, let's finish up like this:

Information to help with the junk cookies you are storing.
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

C:\Program Files\Microsoft AntiSpyware\Quarantine\ <<< this may be left from the old product, just make sure it did not get put in Windows Defender's folder by the upgrade. If it did not, you can delete the program in red; one way or another, the junk in the Quarantine folder needs to go.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

Close all programs but HJT and all browser windows, then click on "Fix Checked"

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums

Granville
2007-02-16, 12:43
Phil,
Thanks for all your time and assistance.
It has been an interesting few days!
Don't know what you did in a past life to end up with such a knowledge of trash removal and avoidance!
I have cleared out a shaft of cookies, but so many sites I use require them to be live that I have had to reinstate them already.
I can see that I can do it on a page by page basis but that is already proving impractical. I will just have to re-run a cookie-monster now and again.
For what it is worth, IE7 appears to be working ok again, without the bloody Casino take-over, which was the primary objective. So, looks like we have a drained swamp.
Thanks,
Granville

tashi
2007-02-26, 06:06
Glad we could help. :) As the problem appears to be resolved, this topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.