SmitFraud-C. & SmitFraud-C.CoreService [Archive]

View Full Version : SmitFraud-C. & SmitFraud-C.CoreService

egenbjjj

2007-05-23, 05:04

This is my log from hijackthis...... After running SpyBot three times in safe-mode all the RED items were removed. Not sure if this means I might be clean, but here is the log. Any help would be appreciated. :scratch::banghead:

Logfile of HijackThis v1.99.1
Scan saved at 9:47:34 PM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\retadpu2000400.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\muwu\muwum.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MCROSO~1.NET\javaw.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\COMMON~1\muwu\muwua.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [love byte beep itch] C:\Documents and Settings\All Users\Application Data\Defy Blah Love Byte\Comp Great.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000400.exe 61A847B5BBF72810329B385272F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DartDupe] C:\DOCUME~1\ADMINI~1\APPLIC~1\VIEWME~1\This play.exe
O4 - HKCU\..\Run: [muwu] C:\PROGRA~1\COMMON~1\muwu\muwum.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Snte] "C:\PROGRA~1\MCROSO~1.NET\javaw.exe" -vt yazb
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{271FD62A-C91E-44B4-9CB4-1A691D816491}: NameServer = 68.28.90.11 68.28.82.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Thanks again!

miekiemoes

2007-05-23, 08:29

Hello,

You are dealing with several different infections...

It is important you don't miss a step and perform everything in the right order!!

Go to start > controlpanel > software > add/remove programs and uninstall next if present:

TSA
Netpumper
Bitroll
Bitgrabber
Bitdownload
Torrent101
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Search Plugin
WinZix
Zone Media
Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
MediaTickets by OIN
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.

also, I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player
Reboot when done! Really important!
After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O4 - HKLM\..\Run: [love byte beep itch] C:\Documents and Settings\All Users\Application Data\Defy Blah Love Byte\Comp Great.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000400.exe 61A847B5BBF72810329B385272F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [DartDupe] C:\DOCUME~1\ADMINI~1\APPLIC~1\VIEWME~1\This play.exe
O4 - HKCU\..\Run: [muwu] C:\PROGRA~1\COMMON~1\muwu\muwum.exe
O4 - HKCU\..\Run: [Snte] "C:\PROGRA~1\MCROSO~1.NET\javaw.exe" -vt yazb

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

Please download, install, and update AVG Anti-Spyware (http://www.ewido.net/en/download/)

Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")

Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close AVG Anti-Spyware and reboot!!
I need the log later.
-------------------------

* Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post next logs in your following reply:
Log from combofix (combofix.txt) - do NOT post the ComboFix-quarantined-files.txt - unless I ask you to
Log from AVG Antispyware
New HijackThislog
You may need several replies to post the logs in case they won't fit in one reply.

egenbjjj

2007-05-24, 01:43

Hey miekiemoes....
Thanks in advance for the help with this. I ran all the checks you told me to do and have replied to your post three times with each log in a different reply. Also, on the items you told me to uninstall through my add/remove programs, some of them didn't show up at all, so I wasn't able to remove them. I have posted them below as an fyi. Also, when running hijack again, some of the run files didn't appear as well so I have listed these below also. ON WITH THE LOGS!!!!!

LOG FROM COMBOFIX:
"Administrator" - 2007-05-23 17:46:51 Service Pack 2
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Administrator\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\ipwindows

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-23 ))))))))))))))))))))))))))))))))))

2007-05-23 16:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-22 23:53 <DIR> d-------- C:\Program Files\Any Video Converter
2007-05-22 23:52 2,916,352 --------- C:\WINDOWS\UNNMP.exe
2007-05-22 23:51 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-05-22 23:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-05-22 23:46 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-05-22 23:46 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-05-22 23:46 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-05-22 23:46 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-05-22 23:46 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-05-22 23:46 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-05-22 23:46 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2007-05-22 23:46 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-05-22 23:46 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-05-22 23:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-05-22 23:02 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-05-22 23:02 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-05-22 23:02 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-05-22 23:02 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-05-22 23:02 <DIR> d-------- C:\Program Files\Cucusoft
2007-05-22 23:02 <DIR> d-------- C:\ConverterOutput
2007-05-22 21:10 <DIR> d-------- C:\hijackthis
2007-05-22 18:18 <DIR> d-------- C:\VundoFix Backups
2007-05-22 15:59 <DIR> d-------- C:\Program Files\M?crosoft.NET
2007-05-22 09:32 <DIR> d-------- C:\WINDOWS\CSC
2007-05-21 20:00 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\VIEW MEMO SOFTWARE
2007-05-21 15:33 375 --a------ C:\WINDOWS\rayiou.exe
2007-05-21 15:32 <DIR> d-------- C:\Program Files\WinTouch
2007-05-21 15:02 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2007-05-21 15:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\??sembly
2007-05-21 14:47 <DIR> d-------- C:\WINDOWS\muwu
2007-05-21 14:47 <DIR> d-------- C:\Program Files\Common Files\muwu
2007-05-20 23:44 <DIR> d-------- C:\Program Files\WinZix
2007-05-20 23:28 <DIR> d-------- C:\Program Files\Nero
2007-05-20 23:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-20 17:54 339,968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2007-05-20 17:54 <DIR> d-------- C:\Program Files\Western Digital Technologies
2007-05-20 17:53 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-19 23:19 29,696 --a------ C:\WINDOWS\system32\VB5STKIT.DLL
2007-05-17 15:48 81,408 --a------ C:\WINDOWS\system32\CNT31.DLL
2007-05-17 15:48 803,680 --a------ C:\WINDOWS\system32\AXDIST.EXE
2007-05-17 15:48 67,584 --a------ C:\WINDOWS\system32\Vspell32.dll
2007-05-17 15:48 640,512 --a------ C:\WINDOWS\system32\Oc30.dll
2007-05-17 15:48 64,000 --a------ C:\WINDOWS\system32\Txtls32.dll
2007-05-17 15:48 551,936 --a------ C:\WINDOWS\system32\vcfiwz32.DLL
2007-05-17 15:48 49,664 --a------ C:\WINDOWS\system32\Tx_rtf32.dll
2007-05-17 15:48 48,640 --a------ C:\WINDOWS\system32\Inetwh32.dll
2007-05-17 15:48 43,008 --a------ C:\WINDOWS\system32\Ic32.dll
2007-05-17 15:48 243,712 --a------ C:\WINDOWS\system32\Tx32.dll
2007-05-17 15:48 22,528 --a------ C:\WINDOWS\system32\Wndtls32.dll
2007-05-17 15:48 159,744 --a------ C:\WINDOWS\system32\Mfcans32.dll
2007-05-17 15:48 151,040 --a------ C:\WINDOWS\system32\HYPERTOP.DLL
2007-05-17 15:48 1,116,160 --a------ C:\WINDOWS\system32\vcfidl32.DLL
2007-05-17 15:48 <DIR> d-------- C:\Program Files\NxTrend
2007-05-16 23:59 <DIR> d-------- C:\Program Files\Yahoo!
2007-05-16 22:49 <DIR> d-------- C:\Program Files\GlobalSCAPE
2007-05-16 22:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\GlobalSCAPE
2007-05-15 21:58 <DIR> d-------- C:\Program Files\QuickTime
2007-05-14 19:39 65,045 --a------ C:\WINDOWS\b138.exe
2007-05-12 12:55 1,156 --a------ C:\WINDOWS\mozver.dat
2007-05-10 21:56 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-05-10 21:56 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-05-10 21:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-05-10 21:34 17,920 --a------ C:\WINDOWS\system32\apintfnt.dll
2007-05-10 21:33 <DIR> d-------- C:\WINDOWS\Sierra
2007-05-10 21:33 <DIR> d-------- C:\Program Files\Sprint
2007-05-10 21:33 <DIR> d-------- C:\Program Files\Sierra Wireless
2007-05-08 01:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-05-07 23:02 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-05-07 23:02 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-05-07 23:02 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-05-07 23:02 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-05-07 23:02 <DIR> d-------- C:\Program Files\Visiosonic
2007-05-06 22:50 <DIR> d-------- C:\WINDOWS\system32\SmileySaver
2007-05-06 18:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-23 04:52:14 -------- d-----w C:\Program Files\Ahead
2007-05-21 21:00:08 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\??sembly
2007-05-21 20:57:41 -------- d-----w C:\Program Files\Sienzo
2007-05-20 17:58:39 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
2007-05-17 03:49:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-17 00:07:04 -------- d-----w C:\Program Files\iLuminaStarter
2007-05-16 02:59:31 -------- d-----w C:\Program Files\iTunes
2007-05-16 02:59:27 -------- d-----w C:\Program Files\iPod
2007-05-11 05:43:47 -------- d-----w C:\Program Files\Apple Software Update
2007-05-07 01:52:42 -------- d-----w C:\Program Files\Free Offers from Freeze.com
2007-05-06 23:42:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-06 23:41:39 -------- d-----w C:\Program Files\Symantec
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-10 12:52:57 -------- d-----w C:\Program Files\Common Files\Nero
2007-04-03 05:15:17 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2007-04-03 05:14:33 -------- d-----w C:\Program Files\DivX
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-24 16:54:52 -------- d-----w C:\Program Files\Common Files\AOL
2007-03-24 02:17:07 -------- d-----w C:\Program Files\AIM6
2007-03-17 16:33:37 -------- d-----w C:\Program Files\Freeze.com
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 06:40:58 -------- d-----w C:\Program Files\Guitar Pro 5
2007-03-17 05:37:43 0 --sha-r C:\MSDOS.SYS
2007-03-17 05:37:43 0 --sha-r C:\IO.SYS
2007-03-10 02:10:17 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Viewpoint
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-04 07:15:59 335 ----a-w C:\WINDOWS\nsreg.dat
2007-03-02 01:59:59 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-02-26 04:33:25 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-02-26 03:57:42 5,559,264 ----a-w C:\Program Files\bitcomet_setup.exe
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll [2007-02-08 00:04]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 07:20]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 01:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 15:22]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000}=C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-02 21:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 15:03]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 13:56]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 07:20]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 13:04]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 12:49]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 13:12]
"QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 09:03]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 17:51]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-01-23 18:11]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 12:59]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 07:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 07:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 07:17]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"WD Button Manager"="WDBtnMgr.exe" [2007-05-20 17:54 C:\WINDOWS\system32\WDBtnMgr.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b12d52-ff70-11db-bb85-00059a3c7800}]
AutoRun\command- F:\LaunchU3.exe -a

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070523-162841-433
O4 - HKCU\..\Run: [Snte] "C:\PROGRA~1\MCROSO~1.NET\javaw.exe" -vt yazb

backup-20070523-162841-392
O4 - HKCU\..\Run: [muwu] C:\PROGRA~1\COMMON~1\muwu\muwum.exe
********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-23 18:18:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-23 18:20:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-23 18:20

--- E O F ---

________________________________________________________________

_________________________________________________________________

FILES FROM YOUR 1ST REPLY THAT I COULD NOT UNINSTALL (USEING ADD/REMOVE SOFTWARE) OR THAT I COULD NOT FIX (USING HIJACK)....

Go to start > controlpanel > software > add/remove programs and uninstall next if present:

TSA
Netpumper
Bitroll
Bitgrabber
Bitdownload
Torrent101
Download Plugin for Internet Explorer
Search Plugin
WinZix
Zone Media
Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
MediaTickets by OIN
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.
Viewpoint
Viewpoint Manager

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O4 - HKLM\..\Run: [love byte beep itch] C:\Documents and Settings\All Users\Application Data\Defy Blah Love Byte\Comp Great.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000400.exe 61A847B5BBF72810329B385272F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [DartDupe] C:\DOCUME~1\ADMINI~1\APPLIC~1\VIEWME~1\This play.exe

Thanks again in advance!!!! :2thumb:

Oh yea, one other thing. I have a neighbor who has the same problem. Do you recommend that I start a new thread for this?
Thanks,
J

egenbjjj

2007-05-24, 01:49

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:38:08 PM 5/23/2007
+ Scan result:
C:\Program Files\Video Access ActiveX Object -> Adware.Generic : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP116\A0027968.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP116\A0028147.exe -> Adware.PurityScan : Cleaned.
C:\WINDOWS\b116.exe -> Adware.Softomate : Cleaned.
C:\WINDOWS\b122.exe -> Adware.Softomate : Cleaned.
C:\WINDOWS\b136.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\muwu\muwud\muwuc.dll -> Adware.TargetServer : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP115\A0027591.exe -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP115\A0027592.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP115\A0027593.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP115\A0027611.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP115\A0027612.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP115\A0027613.exe -> Adware.WebHancer : Cleaned.
C:\WINDOWS\b129.exe -> Adware.WebHancer : Cleaned.
C:\Program Files\WinZix\WinZixManager.dll -> Adware.WinZix : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SSIQU4SH\setar-101[1].0000 -> Adware.Yazzle : Cleaned.
C:\Program Files\Mіcrosoft.NET\javaw.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP116\A0028146.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP118\A0028334.exe -> Downloader.Agent.bls : Cleaned.
C:\WINDOWS\retadpu2000400.exe -> Downloader.Agent.bls : Cleaned.
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Downloader.PurityScan.eh : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP116\A0027974.exe -> Downloader.PurityScan.eh : Cleaned.
C:\WINDOWS\b128.exe -> Downloader.PurityScan.eh : Cleaned.
C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned.
C:\Program Files\Common Files\muwu\muwup.exe -> Downloader.TSUpdate.f : Cleaned.
C:\Program Files\Common Files\muwu\muwud\vocabulary -> Downloader.TSUpdate.j : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP119\A0028535.exe -> Downloader.TSUpdate.l : Cleaned.
C:\Program Files\Common Files\muwu\muwum.exe -> Downloader.TSUpdate.n : Cleaned.
C:\WINDOWS\b103.exe -> Downloader.TSUpdate.o : Cleaned.
C:\Program Files\Common Files\muwu\muwul.exe -> Downloader.TSUpdate.r : Cleaned.
C:\Documents and Settings\Administrator\My Documents\Jeremy's System Admin\007\svchost.exe -> Hijacker.Agent.jh : Cleaned.
C:\Documents and Settings\Administrator\My Documents\Jeremy's System Admin\007\svchost.exe1178244858 -> Hijacker.Agent.jh : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP112\A0025293.exe -> Hijacker.Agent.jh : Cleaned.
C:\Documents and Settings\Administrator\My Documents\Jeremy's System Admin\007\crack\svchost.exe -> Not-A-Virus.Monitor.Win32.007SpySoft.308 : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP111\A0025266.exe -> Not-A-Virus.Monitor.Win32.007SpySoft.308 : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP112\A0025291.exe -> Not-A-Virus.Monitor.Win32.007SpySoft.308 : Cleaned.
C:\Documents and Settings\Administrator\My Documents\Jeremy's System Admin\007\bak\svchost.exe -> Not-A-Virus.Monitor.Win32.007SpySoft.342 : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP112\A0025290.exe -> Not-A-Virus.Monitor.Win32.007SpySoft.342 : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP118\A0028392.sys -> Rootkit.Agent.eq : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.304:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.305:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.330:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.331:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.363:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.384:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.546:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@epson.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@gateway.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@sonycorporate.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@virginmoneyaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@wpni.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@gatorarcade.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.887:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.185:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.186:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.196:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.547:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.548:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.549:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.854:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.its.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.231:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.761:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.689:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.892:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.294:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.893:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.758:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.326:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.327:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.328:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.329:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.

egenbjjj

2007-05-24, 01:50

C:\Documents and Settings\Administrator\Cookies\administrator@dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgkogncjklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@cdn.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.257:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.258:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.259:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.260:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.122:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.903:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.904:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.905:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.906:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.415:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.416:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.552:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.553:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.554:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.856:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.857:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[4].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.831:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.135:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.522:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.123:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.125:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.127:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.130:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.pstats[1].txt -> TrackingCookie.Pstats : Cleaned.
:mozilla.529:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.530:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.535:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.536:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.537:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.538:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.879:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.763:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.764:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.765:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.289:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.565:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.566:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.567:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.568:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.569:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.58:C:\Documents and Settings\Administrator\Application

egenbjjj

2007-05-24, 01:51

Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.245:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.595:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.596:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.597:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.598:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.599:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.767:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.768:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.618:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.619:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.620:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.621:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.622:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.623:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.624:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.625:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.626:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.539:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.540:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.541:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.542:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.543:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.646:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.662:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.467:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.834:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.751:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.752:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.753:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.754:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.755:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.756:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ow2zjwd2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\76QUYX80\drf1179642576[1].htm.exe -> Trojan.Dialer.ri : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\76QUYX80\drf1179713683[1].htm.exe -> Trojan.Dialer.ri : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D40BP14X\drf1179650136[1].htm.exe -> Trojan.Dialer.ri : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GXMB0T6V\drf1179665257[1].htm.exe -> Trojan.Dialer.ri : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\I0JQBJL6\drf1179635016[1].htm.exe -> Trojan.Dialer.ri : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OD2FSL2N\drf1179657697[1].htm.exe -> Trojan.Dialer.ri : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SHM7ST2R\drf1179672820[1].htm.exe -> Trojan.Dialer.ri : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP119\A0028489.exe -> Trojan.Obfuscated.en : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP119\A0028490.exe -> Trojan.Obfuscated.en : Cleaned.
C:\Program Files\Ipwindows\ipwins.dll -> Trojan.Rond : Cleaned.
C:\Program Files\Ipwindows\ipwins.exe -> Trojan.Rond : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP116\A0027978.exe -> Trojan.Rond : Cleaned.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP116\A0027969.exe -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\wnscpiit32.exe -> Trojan.Small : Cleaned.
::Report end :2thumb:

egenbjjj

2007-05-24, 01:52

Logfile of HijackThis v1.99.1
Scan saved at 6:21:51 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{271FD62A-C91E-44B4-9CB4-1A691D816491}: NameServer = 68.28.90.11 68.28.82.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

miekiemoes

2007-05-24, 07:17

Hi,

Concerning add/remove programs... yes I know they weren't all there, that's why I also said: if present. :)

Your HijackThislog looks clean again,
Let's deal with the rest now..

I see you have Freeze.com installed - I also recommend you uninstall it via software > add/remove programs if still present.

Then,

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because above instructions to set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

Delete next files:

C:\WINDOWS\rayiou.exe
C:\WINDOWS\b138.exe

Delete next folders:

C:\Qoobox
C:\VundoFix Backups
C:\DOCUME~1\NETWOR~1\APPLIC~1\VIEW MEMO SOFTWARE
C:\WINDOWS\muwu
C:\Program Files\Common Files\muwu
C:\WINDOWS\system32\SmileySaver
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\Freeze.com

Next folders are a bit more advanced to delete since they look exactly as folders with legit names, so make sure you don't delete the legit ones here.
Also, these folders won't contain much inside

Delete next folders:

C:\DOCUME~1\ADMINI~1\APPLIC~1\??sembly <== This folder may look like assembly. Don't delete the assembly folder anywhere else! If you rightclick this bad folder, the date it was modified is 2007-05-21 15:02

C:\WINDOWS\system32\s?stem32 <== this folder, it is a subfolder of the system32-folder but may look like a system32-folder as well. It's dated: 2007-05-21 15:02

C:\Program Files\M?crosoft.NET <== this folder, may look like Microsoft.Net. Don't delete the Microsoft.NET folder anywhere else. This folder is dated: 2007-05-22 15:59

If you're in doubt here, don't delete them, but ask me first!

Then,
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u1 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Examples of older versions in Add or Remove Programs: Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Let me know in your next reply how things are now.

Yes, it may be better to start a new thread for your neighbour :)

egenbjjj

2007-05-24, 18:03

Well, everything seems to be working fine. Unless there are more steps, thanks for the help. :D:

Here is the latest hijack log

Logfile of HijackThis v1.99.1
Scan saved at 10:51:50 AM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{271FD62A-C91E-44B4-9CB4-1A691D816491}: NameServer = 68.28.90.11 68.28.82.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks again.

egenbjjj

2007-05-24, 18:09

Hey Bud,
One last question for you.... What would you recommend for a complete anti-spyware/adware/virus protection software? I would prefer something free, but if there is something that just completely blows everything else out of the water, I would be willing to purchase. And, what would be a good site or troubleshooting a wireless network?
Thanks,
J

miekiemoes

2007-05-24, 18:16

Hi,

Your log looks clean.
Concerning antivirus/antispyware protection.. I made a list of the ones I recommend: http://users.telenet.be/bluepatchy/miekiemoes/Links.html
Keep in mind, if you decide to install another Antivirus, you have to uninstall your current one first - because more than one antivirus is not compatible.
A good free Antivirus is Avira, which is great in detection and removal.

Some good Wireless network troubleshooting sites:

http://www.windowsnetworking.com/articles_tutorials/Troubleshooting-Wireless-Network-Connections.html
http://support.microsoft.com/kb/313242
http://www.practicallynetworked.com/support/troubleshoot_wireless.htm
http://www.smartcomputing.com/Editorial/article.asp?article=articles/webonly/techsupport/76w10/76w10.asp&guid=

Glad I could help. :)

Please read my Prevention page (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html).

Happy Surfing again!