smitfraud-c.toolbar888 help and advice



artemis
2006-11-24, 02:34
Hello, I would be really grateful for some advice.

smitfraud-c.toolbar888 was identified after doing a scan with spybot. I have read in various places after attempting to check and clean my system that this may be a false positive.

I wondered if you could advise me whether it was and, if not, what I should do from here. I hope I have provided all the information you need. It doesn't mean that much to me, unfortunately.

Thanks



Smitfraud-C.Toolbar888: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1229272821-1482476501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---


SmitFraudFix v2.123

Scan done at 23:03:26.85, 23/11/2006
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:17:33 24/11/2006

+ Scan result:



HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5vqtjyaz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000012.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000013.TXT -> TrackingCookie.Adtech : Cleaned.
C:\RECYCLER\NPROTECT\00000001.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00000010.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00000014.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00000037.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00000002.TXT -> TrackingCookie.Adviva : Cleaned.
C:\RECYCLER\NPROTECT\00000015.TXT -> TrackingCookie.Adviva : Cleaned.
C:\RECYCLER\NPROTECT\00000003.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00000017.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00000018.TXT -> TrackingCookie.Bfast : Cleaned.
C:\RECYCLER\NPROTECT\00000004.TXT -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\NPROTECT\00000019.TXT -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\NPROTECT\00000024.TXT -> TrackingCookie.Commission-junction : Cleaned.
C:\RECYCLER\NPROTECT\00000005.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00000025.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\RECYCLER\NPROTECT\00000000.TXT -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\NPROTECT\00000016.TXT -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\NPROTECT\00000029.TXT -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5vqtjyaz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.22:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5vqtjyaz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\RECYCLER\NPROTECT\00000027.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00000030.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Adrian\Cookies\adrian@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\RECYCLER\NPROTECT\00000007.TXT -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\NPROTECT\00000032.TXT -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.16:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5vqtjyaz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.17:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5vqtjyaz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\NPROTECT\00000033.TXT -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\NPROTECT\00000008.TXT -> TrackingCookie.Qksrv : Cleaned.
C:\RECYCLER\NPROTECT\00000034.TXT -> TrackingCookie.Qksrv : Cleaned.
C:\RECYCLER\NPROTECT\00000009.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00000035.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00000036.TXT -> TrackingCookie.Realmedia : Cleaned.
:mozilla.33:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5vqtjyaz.default\cookies.txt -> TrackingCookie.Res99 : Cleaned.
:mozilla.7:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5vqtjyaz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.8:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5vqtjyaz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\RECYCLER\NPROTECT\00000006.TXT -> TrackingCookie.Ru4 : Cleaned.
C:\RECYCLER\NPROTECT\00000026.TXT -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\RECYCLER\NPROTECT\00000038.TXT -> TrackingCookie.Tradedoubler : Cleaned.
C:\RECYCLER\NPROTECT\00000011.TXT -> TrackingCookie.Valueclick : Cleaned.
C:\RECYCLER\NPROTECT\00000039.TXT -> TrackingCookie.Valueclick : Cleaned.


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 00:39:43, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\System32\umonit.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkypeClient] "C:\Program Files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/anglia/support/plugins/ebraryRdr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
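
The HijackThis log above is read by hand on the forum; as an added example (not part of the original post and not HijackThis's own code), the script below does the first-pass triage a helper does when reading such a log: it splits the v1.99.1 format into the "Running processes" list and the coded entries, lists every O4 Run-key autostart with its executable and whether that executable is currently running, and flags the entries a reviewer looks at first: targets marked "(file missing)", O23 services with "Unknown owner", Startup-folder items, and autostarts that use an unqualified filename (resolved by PATH search rather than a fixed path). The sample log is constructed from a few abbreviated entries of the post above; the regular expressions assume the v1.99.1 line layout shown there, and the "unqualified path" flag is a reviewer heuristic, not a HijackThis category.

```python
"""First-pass triage of a HijackThis v1.99.1 style log (added example, not a HijackThis component)."""
import re
from collections import Counter

# Constructed sample modelled on entries from the post above (abbreviated, not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 00:39:43, on 24/11/2006

Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Line layouts as seen in the v1.99.1 log above (assumed, not an official grammar).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Executable part of a Run command: optionally quoted, ends at the first ".exe" token.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?(?:\s|$)', re.IGNORECASE)


def parse_hjt(text):
    """Split a log into the 'Running processes' list and the coded (R/O) entries."""
    processes, entries = [], []
    in_processes = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line == "":          # blank line ends the process list
                in_processes = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return {"processes": processes, "entries": entries}


def _is_running(exe, processes):
    """True if the autostart's executable appears in the running-process list.
    Unqualified names (no backslash) are compared against the process basename."""
    target = exe.lower()
    for proc in processes:
        p = proc.lower()
        if p == target or ("\\" not in target and p.rsplit("\\", 1)[-1] == target):
            return True
    return False


def triage(text):
    """Summarise autostarts and the entries a reviewer would look at first."""
    log = parse_hjt(text)
    autostarts, flags = [], []
    for code, body in log["entries"]:
        if "(file missing)" in body:
            flags.append(f"{code}: target missing on disk -> {body}")
        if code == "O4":
            m = RUN_RE.match(body)
            if m is None:
                # "O4 - Startup:" / "O4 - Global Startup:" items live in a startup folder, not a Run key
                flags.append(f"O4: startup-folder item -> {body}")
                continue
            em = EXE_RE.match(m.group("cmd"))
            exe = em.group("exe") if em else m.group("cmd")
            if "\\" not in exe:
                flags.append(f"O4: [{m.group('name')}] uses an unqualified path ({exe}), resolved by PATH search")
            autostarts.append({
                "name": m.group("name"),
                "location": f"{m.group('hive')}\\{m.group('key')}",
                "exe": exe,
                "running": _is_running(exe, log["processes"]),
            })
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                flags.append(f"O23: service '{m.group('display')}' has no vendor string -> {m.group('path')}")
    counts = Counter(code for code, _ in log["entries"])
    return {"counts": counts, "autostarts": autostarts, "flags": flags}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("entries per section:", dict(result["counts"]))
    for a in result["autostarts"]:
        print(f"{a['location']:<10} [{a['name']}] {a['exe']}  running={a['running']}")
    for f in result["flags"]:
        print("FLAG", f)
```

Run it on a saved HijackThis log by replacing `SAMPLE_LOG` with the file contents; the flags are prompts for a human reviewer, exactly as "Unknown owner" or "(file missing)" are in the forum's reading of the log above, and a flagged line is not by itself evidence of infection.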

pskelley
2006-11-25, 19:25
Welcome to the forum. Smitfraud-C.Toolbar888 is a false positive; you can forget it.
http://forums.spybot.info/showthread.php?t=8668

You are storing a lot of junk in the Norton recycle bin: C:\RECYCLER\NPROTECT\ You can clean out that junk like this:
http://service1.symantec.com/support/nsw.nsf/ba62122e5d142a6588256d87006b22be/831aa5c6ef0d750685256c370048ad89?OpenDocument&src=bar_sch_nam

Your HJT log looks fine. Are you having any problems? If yes, you have AVG Anti-Spyware on board; follow the instructions in this link and post the scan results:
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/
Thanks to John McKenna for the tutorial.

If you are having no problems, then I suggest this information.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Safe surfing...tashi:) will close your topic in a few days.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.