Random IE popups--SmitFraud?



Tanaqui
2007-04-27, 07:06
Hi everyone,
My computer appears to have been affected a few days ago when I was away from my computer. I attempted to run the online scanning program but since the virus keeps putting up IE popups (even though I only use Firefox), it kept crashing the scan (which requires IE.) But I did run SpyBot in Safe Mode and SmitFraud keeps popping back up along with a lot of other trojans... which Spybot says it has put in the "Vault."

Here is my logfile. Thank you all so much, in advance!

Logfile of HijackThis v1.99.1
Scan saved at 10:00:36 PM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\APPLIC~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\APPLIC~1\Grisoft\AVG7\avgupsvc.exe
C:\APPLIC~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Applications\Cisco\VPNclient\cvpnd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Applications\Winamp3\winampa.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Applications\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\APPLIC~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Applications\iPod\bin\iPodService.exe
C:\Applications\DVD Ghost\DVDGhost.EXE
C:\DOCUME~1\Patrick\MYDOCU~1\Οracle\scanregw.exe
C:\Documents and Settings\Patrick\My Documents\Tаsks\с?rss.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Applications\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Applications\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\Applications\OpenOffice 1.1.2\program\soffice.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Applications\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Applications\Winamp3\winampa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Applications\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [AVG7_CC] C:\APPLIC~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\pavoxlkv.dll",realset
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\applications\adobe7\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DVD Ghost] C:\Applications\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [Osus] "C:\DOCUME~1\Patrick\MYDOCU~1\?-racle\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Bsz] "C:\Documents and Settings\Patrick\My Documents\T?psks\???rss.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles/default.1ta\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Applications\OpenOffice 1.1.2\program\quickstart.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Applications\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Applications\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Applications\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Applications\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Applications\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\APPLIC~1\DVDGHO~1\DVDGHO~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\APPLIC~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\APPLIC~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\APPLIC~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Applications\Cisco\VPNclient\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Applications\iPod\bin\iPodService.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Oops, sorry, just to clear up any confusion, it's my virus program, AVG, that has the trojans in the vault, not SpyBot... I was running it before I happened on to this website. Thanks again

pskelley
2007-04-28, 13:32
Welcome to the forum and you are infected. Read this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_03\ <<< badly out of date, download the newest version and uninstall all old versions in Add Remove Programs.

I believe you have a Vundo infection as a result, so we can see this infection return here: C:\hijackthis\HijackThis.exe <<< rename HJT.exe, call it Tanaqui.exe or whatever you wish. The next HJT log should show us the infection.
You have other problems also, please follow the directions carefully:

All advice given is taken at own risk.
Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Thanks

Tanaqui
2007-04-29, 06:21
Thanks very much for your reply, pskelley! Hopefully I have installed the Java as directed, it was a bit confusing. I also did the rest of what you asked, there are still some viruses there I think...

Here is the log from Combofix:

"Patrick" - 07-04-28 20:50:13 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Patrick\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\psubutmi.dll
C:\WINDOWS\system32\bkwfesit.dll
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\yayxywt.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ipwindows
C:\Program Files\outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Patrick
C:\qoobox\purity\C\DOCUME~1\Patrick\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Patrick\APPLIC~1\ΜCROS~1.NET


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-28 ))))))))))))))))))))))))))))))))))


2007-04-26 20:03 <DIR> d-------- C:\hijackthis
2007-04-26 19:55 60,928 --a------ C:\WINDOWS\system32\eaepcqzi.dll
2007-04-25 21:08 132,660 --a------ C:\WINDOWS\system32\pavoxlkv.dll
2007-04-24 21:12 <DIR> d-------- C:\DOCUME~1\Patrick\APPLIC~1\ErrorProtector Free
2007-04-24 21:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free
2007-04-24 20:54 2 --a------ C:\WINDOWS\system32\wcpisu32.exe
2007-04-14 16:35 14 --a------ C:\WINDOWS\system32\SysEngine2.SYS
2007-04-14 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
2007-04-14 16:21 <DIR> d-------- C:\Application
2007-04-10 11:30 9,136 --a------ C:\WINDOWS\system\INETWH16.DLL
2007-04-10 11:30 57,328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
2007-04-10 11:30 51,712 --a------ C:\WINDOWS\system\OLE2PROX.DLL
2007-04-10 11:30 36,864 --a------ C:\WINDOWS\system\DDEML.DLL
2007-04-10 11:30 322,384 --a------ C:\WINDOWS\system\MFC250.DLL
2007-04-10 11:30 302,592 --a------ C:\WINDOWS\system\OLE2.DLL
2007-04-10 11:30 27,026 --a------ C:\WINDOWS\system\OLE2.REG
2007-04-10 11:30 177,216 --a------ C:\WINDOWS\system\TYPELIB.DLL
2007-04-10 11:30 164,832 --a------ C:\WINDOWS\system\OLE2DISP.DLL
2007-04-10 11:30 157,696 --a------ C:\WINDOWS\system\STORAGE.DLL
2007-04-10 11:30 150,976 --a------ C:\WINDOWS\system\OLE2NLS.DLL
2007-04-10 11:30 146,976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
2007-04-10 11:30 14,128 --a------ C:\WINDOWS\system\TOOLHELP.DLL
2007-04-10 11:30 125,856 --a------ C:\WINDOWS\system\MFCO250.DLL
2007-04-10 11:30 108,544 --a------ C:\WINDOWS\system\COMPOBJ.DLL
2007-04-02 11:44 <DIR> d-------- C:\DOCUME~1\Patrick\APPLIC~1\Megaupload
2007-04-02 11:43 <DIR> d-------- C:\DOCUME~1\Patrick\APPLIC~1\InstallShield
2007-03-29 17:22 <DIR> d--h----- C:\DOCUME~1\Patrick\APPLIC~1\Move Networks
2007-03-29 12:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-28 21:02 -------- d-------- C:\Program Files\outerinfo
2007-04-28 21:02 -------- d-------- C:\DOCUME~1\Patrick\APPLIC~1\skype
2007-04-28 00:51 10646 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-04-02 11:44 -------- d--h----- C:\Program Files\installshield installation information
2007-03-29 12:28 -------- d-------- C:\DOCUME~1\Patrick\APPLIC~1\real
2007-03-19 11:30 60928 --a------ C:\WINDOWS\system32\ksngcgm.dll
2007-03-17 20:39 -------- d-------- C:\Program Files\netflix
2007-03-17 06:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 07:08 101438 --a------ C:\WINDOWS\b122.exe
2007-03-08 23:26 -------- d-------- C:\Program Files\itunes
2007-03-08 23:21 -------- d-------- C:\Program Files\quicktime
2007-03-08 08:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 13:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{13BCA532-41DF-1926-F23D-6AE338E2AAEA} C:\WINDOWS\system32\ksngcgm.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{bf00e119-21a3-4fd1-b178-3b8537e75c92} C:\Applications\Mega Manager\MegaIEMn.dll
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\bkwfesit.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"EzButton"="C:\\Program Files\\EzButton\\EzButton.EXE"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"WinampAgent"="C:\\Applications\\Winamp3\\winampa.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"DAEMON Tools-1033"="\"C:\\Applications\\D-Tools\\daemon.exe\" -lang 1033"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\APPLIC~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\pavoxlkv.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\applications\\adobe7\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"DVD Ghost"="C:\\Applications\\DVD Ghost\\DVDGhost.EXE"
"Osus"="\"C:\\DOCUME~1\\Patrick\\MYDOCU~1\\Οracle\\scanregw.exe\" -vt yazb"
"Bsz"="\"C:\\Documents and Settings\\Patrick\\My Documents\\Tаsks\\с?rss.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"="C:\\Documents and Settings\\Patrick\\Application Data\\Mozilla\\Firefox\\Profiles\\default.1ta\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath=\"C:\\Documents and Settings\\Patrick\\Application Data\\Mozilla\\Firefox\\Profiles/default.1ta\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\APPLIC~1\DVDGHO~1\DVDGHO~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-28 21:03:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-28 21:09:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-28 21:09

And the log for hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 9:18:17 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\APPLIC~1\Grisoft\AVG7\avgamsvr.exe
C:\APPLIC~1\Grisoft\AVG7\avgupsvc.exe
C:\APPLIC~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Applications\Cisco\VPNclient\cvpnd.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Applications\Winamp3\winampa.exe
C:\Applications\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\APPLIC~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Applications\DVD Ghost\DVDGhost.EXE
C:\Applications\iPod\bin\iPodService.exe
C:\DOCUME~1\Patrick\MYDOCU~1\Οracle\scanregw.exe
C:\Applications\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Applications\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\Applications\OpenOffice 1.1.2\program\soffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\tanaqui.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13BCA532-41DF-1926-F23D-6AE338E2AAEA} - C:\WINDOWS\system32\ksngcgm.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Applications\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\bkwfesit.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Applications\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Applications\Winamp3\winampa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Applications\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\APPLIC~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\pavoxlkv.dll",realset
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\applications\adobe7\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DVD Ghost] C:\Applications\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [Osus] "C:\DOCUME~1\Patrick\MYDOCU~1\?-racle\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Bsz] "C:\Documents and Settings\Patrick\My Documents\T?psks\???rss.exe"
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles/default.1ta\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Applications\OpenOffice 1.1.2\program\quickstart.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Applications\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Applications\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Applications\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Applications\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Applications\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\APPLIC~1\DVDGHO~1\DVDGHO~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\APPLIC~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\APPLIC~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\APPLIC~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Applications\Cisco\VPNclient\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Applications\iPod\bin\iPodService.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

pskelley
2007-04-29, 13:40
Thanks for posting your information and the feedback. I have not seen the console for a version of Java that old but the new versions are much easier for manual updating. Start > Control Panel > Java Console (little coffee cup) > Updates Tab > Update.
"I also did the rest of what you asked, there are still some viruses there I think..."
This was a badly infected computer, the junk does not come off as easy as it went on.

I am concerned about this item because of the pathway: C:\Applications\Winamp3\winampa.exe Could you assure me that is a safe item?

This one also looks strange >>> O20 - AppInit_DLLs: C:\APPLIC~1\DVDGHO~1\DVDGHO~1.DLL Google has nothing:
http://www.google.com/search?hl=en&q=DVDGHO%7E1.DLL&btnG=Google+Search
The pathway C:\APPLIC is similar to other pathways that look legitimate you used. Tell me if it is valid. If you don't know, we will remove both "applications".
Scanner: http://virusscan.jotti.org/

I do not see the Vundo infection which would have at least one O20 - Winlogon item so maybe we got lucky there?

Please follow the directions carefully and in the posted order:

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {13BCA532-41DF-1926-F23D-6AE338E2AAEA} - C:\WINDOWS\system32\ksngcgm.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\bkwfesit.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\pavoxlkv.dll",realset
O4 - HKCU\..\Run: [Osus] "C:\DOCUME~1\Patrick\MYDOCU~1\?-racle\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: "C:\Documents and Settings\Patrick\My Documents\T?psks\???rss.exe"

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\pavoxlkv.dll <<< delete that file

C:\DOCUMENTS AND SETTINGS~1\Patrick\MYDOCUMENTS~1\?racle\ <<< delete that folder

C:\Documents and Settings\Patrick\My Documents\T?psks\ <<< delete that folder

5) Follow the directions in this link to download, install, update and run AVG Anti-Spyware 7.5. Make sure you choose to delete or at least quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the information I requested, the scan results from AVG Anti-Spyware, a new HJT log and any comments you think will help.

Thanks


For your information: It looks like AVG by Grisoft is your antivirus program of choice and yet I see this service from Symantec running in your services? I would at least disable it unless you know something I don't?
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Disable the Service
Click Start > Run and type services.msc
Scroll down to (SymWMI Service) and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.
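
A triage sketch for the HijackThis line items named in the post above, as an added example that is not part of the original thread: it parses each O-section line and labels traits visible in those entries. The flag names and rules are assumptions chosen for illustration, not pskelley's or HijackThis's own criteria.

```python
import re

# Line items copied from the post above (the five selected for fixing,
# plus the O20 and O23 lines it discusses).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {13BCA532-41DF-1926-F23D-6AE338E2AAEA} - C:\WINDOWS\system32\ksngcgm.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\bkwfesit.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\pavoxlkv.dll",realset
O4 - HKCU\..\Run: [Osus] "C:\DOCUME~1\Patrick\MYDOCU~1\?-racle\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: "C:\Documents and Settings\Patrick\My Documents\T?psks\???rss.exe"
O20 - AppInit_DLLs: C:\APPLIC~1\DVDGHO~1\DVDGHO~1.DLL
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""

# "O<number> - <rest of line>" is the shape of every HijackThis line item.
ITEM_RE = re.compile(r"^(O\d+) - (.*)$")
# A '?' is not legal in a Windows file name, so one inside a drive path means
# the log could not render the real character (assumed interpretation).
PATH_QMARK_RE = re.compile(r'[A-Za-z]:\\[^"]*\?')
# Long and 8.3 short forms of the user's documents folder.
DOCS_RE = re.compile(r"\\(My Documents|MYDOCU~\d)\\", re.IGNORECASE)

# Hypothetical triage rules: (flag name, predicate over section and text).
RULES = [
    ("unnamed BHO",
     lambda s, t: s == "O2" and "(no name)" in t),
    ("file missing",
     lambda s, t: "(file missing)" in t),
    ("rundll32 autostart",
     lambda s, t: s == "O4" and "rundll32" in t.lower()),
    ("autostart from documents folder",
     lambda s, t: s == "O4" and DOCS_RE.search(t) is not None),
    ("unrenderable character in path",
     lambda s, t: PATH_QMARK_RE.search(t) is not None),
    # AppInit_DLLs are loaded into every process that loads user32.dll,
    # so the vendor of each listed DLL should be confirmed.
    ("AppInit_DLLs",
     lambda s, t: s == "O20" and t.startswith("AppInit_DLLs")),
]


def triage(log_text):
    """Return one dict per line item: section, text and the flags it raised."""
    results = []
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if not match:
            continue  # headers, blank lines, the running-process list
        section, text = match.groups()
        flags = [name for name, rule in RULES if rule(section, text)]
        results.append({"section": section, "text": text, "flags": flags})
    return results


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        label = ", ".join(item["flags"]) or "no flag"
        print(f'{item["section"]:>3}  [{label}]  {item["text"]}')
```

An entry with no flag is not thereby cleared, and a flagged one is not thereby malicious; the flags only say which lines deserve a closer look first.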

Tanaqui
2007-04-29, 22:15
Thanks again for your quick response! I followed your instructions up until step 4--however, when I tried to delete pavoxlkv.dll file, it gave me the "access denied, protected or in use, blah blah, cannot delete" message. Should I continue with the instructions or do something else?

Oh, and I am pretty sure the winamp entry is legit. The other one is for a program called DVD Ghost, which I recently installed, but as far as I know it does not come with any sketchy spyware attached. If anyone knows different that advice would be much appreciated.

Also, I don't know if this is important but when I restart my computer I sometimes get this thing called "csrss.exe" running which is consuming huge amounts of resources, so I exit it via ctrl alt delete. I understand this is also some kind of malware, but I don't know if you could see it on the hijackthis logs since I quit out of it.

Anyways, thanks again!

pskelley
2007-04-30, 01:42
You must have missed some information, these were the instructions:

Restart the computer and post the information I requested, the scan results from AVG Anti-Spyware, a new HJT log and any comments you think will help.
Also, I don't know if this is important but when I restart my computer I sometimes get this thing called "csrss.exe" running which is consuming huge amounts of resources, so I exit it via ctrl alt delete. I understand this is also some kind of malware, but I don't know if you could see it on the hijackthis logs since I quit out of it.
Here's the google, unless you follow the instructions, not much I can do to help you.
http://www.google.com/search?hl=en&q=csrss.exe&btnG=Google+Search

Thanks

Tanaqui
2007-04-30, 05:33
Well, I did read the instructions, but in case you missed it, I'll say it again: I wasn't able to delete the pavoxlkv.dll file, and neither was I able to delete the Oracle file. They claim to be protected or in use and thus access was denied. Here is the AVG anti-spyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:07:13 PM 4/29/2007

+ Scan result:



C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP773\A0250944.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP776\A0254188.dll -> Adware.PurityScan : No action taken.
C:\hijackthis\backups\backup-20070429-130447-770.dll -> Adware.PurityScan : No action taken.
C:\WINDOWS\b122.exe -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP768\A0250833.exe -> Adware.SystemDoctor : No action taken.
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP768\A0250835.exe -> Adware.SystemDoctor : No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\yayxywt.dll.vir -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP776\A0254173.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP772\A0250926.exe -> Downloader.Agent.bls : No action taken.

Continued in next post--

Tanaqui
2007-04-30, 05:35
:mozilla.505:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.506:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.507:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.508:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Revsci : No action taken.

Continued in next post--

Tanaqui
2007-04-30, 05:37
:mozilla.510:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Patrick\Cookies\patrick@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
:mozilla.653:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.654:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.636:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.853:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.854:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.855:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.856:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.857:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Patrick\Cookies\patrick@skype[1].txt -> TrackingCookie.Skype : No action taken.
:mozilla.195:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.196:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.197:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.198:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.199:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.594:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.595:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.596:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.597:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.469:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.470:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.471:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.183:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.184:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.185:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.186:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.187:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.188:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.189:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Patrick\Cookies\patrick@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.125:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.127:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.128:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.129:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.130:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.131:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.132:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.133:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.134:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.29:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.531:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.532:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.533:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.360:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.361:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.362:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.363:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.364:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.421:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.422:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.423:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\QooBox\Quarantine\C\Program Files\Ipwindows\UnInstall.exe.vir -> Trojan.Rond : No action taken.
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP776\A0254165.exe -> Trojan.Rond : No action taken.
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP773\A0250947.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP776\A0254191.exe -> Trojan.Small : No action taken.
C:\WINDOWS\system32\wcpisu32.exe -> Trojan.Small : No action taken.


::Report end
NOTE: It says no action taken but I actually deleted them after the log file was made. My apologies for doing it in the wrong order.

Logfile of HijackThis v1.99.1
Scan saved at 8:25:47 PM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Applications\AVG Anti-Spyware 7.5\guard.exe
C:\APPLIC~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\APPLIC~1\Grisoft\AVG7\avgupsvc.exe
C:\APPLIC~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Applications\Cisco\VPNclient\cvpnd.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Applications\Winamp3\winampa.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Applications\D-Tools\daemon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\APPLIC~1\Grisoft\AVG7\avgcc.exe
C:\Applications\iPod\bin\iPodService.exe
C:\Applications\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Applications\DVD Ghost\DVDGhost.EXE
C:\Applications\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Applications\OpenOffice 1.1.2\program\soffice.exe
C:\Applications\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\hijackthis\tanaqui.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Applications\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Applications\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Applications\Winamp3\winampa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Applications\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\APPLIC~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Applications\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\applications\adobe7\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DVD Ghost] C:\Applications\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\default.1ta\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles/default.1ta\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Applications\OpenOffice 1.1.2\program\quickstart.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Applications\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Applications\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Applications\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Applications\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Applications\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Applications\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\APPLIC~1\DVDGHO~1\DVDGHO~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Applications\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\APPLIC~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\APPLIC~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\APPLIC~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Applications\Cisco\VPNclient\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Applications\iPod\bin\iPodService.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Sorry about all the posts. Thanks for all your help; I'm not getting popups anymore and hopefully the infection is gone, or mostly gone.

pskelley
2007-04-30, 14:30
Thanks for the feedback, and glad to hear your computer is running better. If you have no other malware issues to report, then let's finish up like this:

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

You may rename HJT if you wish and remove any tools we downloaded for the fix. The exception is ATF-Cleaner, and you may keep that nice small tool if you wish.

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley