Help me clear yourieprotect/gold codec/etc off my system



BirdieKate
2006-12-03, 21:37
Hello to the great gurus of tech-dom. I seek your help, and sorry if this is the N-th time you have been asked for assistance on this one.

Last week my computer got infected with the homepage hijacker, yourieprotect. I've been spending a lot of time online researching and trying to fix. The most success I've had so far was with a Microsoft beta test, Live OneCare, which found and fixed many things... but strangely enough I am unable to reload that software and run that scan again. After that fix, yourieprotect no longer loads on my system, hooray, but I'm very afraid that other things linger that I can't see. Until I have some confidence back, I cannot use this home computer to do online banking, bill paying, etc.

I followed the instrux in "Before You Post" except I was completely unsuccessful in running any of the suggested online virus scanners. Tried twice to run Trend Micro; shut me down and knocked me off internet before finishing both times. Panda - never able to successfully download so couldn't run. eTrust gave me an error message; BitDefender says "page not found". Hey, I tried.

I have downloaded and run Spybot S&D and after finding and fixing 57 items the first run (then ran in Safe Mode just to be sure), it now proclaims me "clean." Ah, I'm getting there, I hope. Here's the latest log from Hijackthis. Thanks for your patience.

Logfile of HijackThis v1.99.1
Scan saved at 2:25:49 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F816BC9A-EAA0-4D3B-80DF-5DD3C5CBB687}: NameServer = 71.243.0.12 71.250.0.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks - BirdieKate

BirdieKate
2006-12-04, 01:56
Since posting the above thread earlier today, I have since gone to the Sticky entitled "VirusBurst, X Password Generator, various ZLOB CODECS, and other desktop type hijacks" and followed all the instructions there for downloads, scans, reports, etc. I can supply copies of reports/files requested in that thread as soon as I am asked to do so.

Thanks.

BirdieKate

pskelley
2006-12-04, 02:02
Welcome to the forum, post those three logs, I'll be glad to take a look.

c:\rapport.txt
AVG Anti-Spyware log
The HJT log

Thanks...Phil

BirdieKate
2006-12-04, 02:25
Thanks so much - I hope you're not sorry you offered when you see this. The second log is huge, too big to post in one post. Here is part 1 of 2, hopefully 2 is all it will take. I appreciate your time and patience!!

1. rapport.txt
SmitFraudFix v2.127

Scan done at 17:14:52.35, Sun 12/03/2006
Run from C:\Documents and Settings\Katie\My Documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

[HKEY_CLASSES_ROOT\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]
@="C:\WINDOWS\system32\xxfgmy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]
@="C:\WINDOWS\system32\xxfgmy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

2. AVG Anti-Spyware log
--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:16:05 PM 12/3/2006

+ Scan result:



C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0033240.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2539394891-1449265794-2157899825-1007\Dc4.exe -> Downloader.Agent.auv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0032184.dll -> Downloader.Zlob.ako : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP148\A0033361.exe -> Downloader.Zlob.aku : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP148\A0033364.exe -> Downloader.Zlob.ec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP137\A0030702.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
:mozilla.347:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.31:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.141:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.142:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.143:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.144:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.146:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.151:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.152:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.153:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.273:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.276:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.374:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.293:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.294:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.295:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.296:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.298:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.299:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.40:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.156:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.309:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.65:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.289:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.286:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.28:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.32:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.33:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.34:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.396:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.275:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.67:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.129:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.242:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.243:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.244:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.245:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.263:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.169:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.170:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.171:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.172:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.173:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.174:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.157:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.158:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.160:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@ehg-viacom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@ehg-attworldnet.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@ehg-equifax.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.360:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.246:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.305:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.306:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.307:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.308:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.236:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.237:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.238:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.48:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

BirdieKate
2006-12-04, 02:28
C:\Documents and Settings\Andy\Cookies\andy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.190:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.191:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.192:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.193:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.194:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.195:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.429:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.430:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.431:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.432:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.433:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.249:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.250:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.251:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.252:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.253:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.254:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.222:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.223:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.224:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.469:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.470:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.471:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.137:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.139:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.434:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.436:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.437:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.213:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.214:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.215:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.216:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.217:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.218:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.219:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.53:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.54:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.310:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.311:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.55:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.379:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.380:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.381:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.382:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.383:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.384:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.287:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.288:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\oirjf6ft.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.74:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.75:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.76:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.77:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.78:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\6qwn48gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Katie\Local Settings\Temp\Cookies\katie@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\Temp\Cookies\andy@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

Wow that's big. sorry.


and last:

The HJT log
Logfile of HijackThis v1.99.1
Scan saved at 7:15:27 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB

last part coming

BirdieKate
2006-12-04, 02:29
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F816BC9A-EAA0-4D3B-80DF-5DD3C5CBB687}: NameServer = 71.243.0.12 71.250.0.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Sheesh. I hope you have a lot of patience!!

One last thing - as I browsed around my computer, I noticed a big fat file named "StubInstaller - LimeWire swarmed installer" sitting right on my C: drive. ???

Many MANY thanks for any help you can give, plus all that patience. I hope I have sent all the right stuff.

BirdieKate

pskelley
2006-12-04, 02:56
Hi Katie, What are you storing all of those nasty cookies for?
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
That information should help.


Process File: stubinstaller or stubinstaller.exe
Process Name: 180SearchAssistant Spyware
http://www.liutilities.com/products/wintaskspro/processlibrary/stubinstaller/

LimeWire <<< what are you doing with that junk on your computer? Read this:
http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453088059
Scan that file with one of these free online scans and delete it if it comes back bad as it probably will:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html


1) Please let me have a look at what you have installed like this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

4) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
adware

Close all programs but HJT and all browser windows, then click on "Fix Checked"

6) 1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

7) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Make sure to restart the computer, then run another AVG scan and post it along with a fresh HJT log and the uninstall list from above. Let me know how the computer is running.

Thanks...Phil

See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_09\ <<< Java just updated to 10, update your version please.
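
Step 5 above picks out HijackThis entries whose CLSID is still registered but whose target file is gone. The following is an added example, not part of the original posts and not code from HijackThis: a small Python parser that lists such orphaned entries as review candidates and checks a later log to confirm the ticked CLSIDs were actually removed. The function names are hypothetical, and the "after" log is constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Entries copied from the HijackThis log posted earlier in this thread.
BEFORE_FIX = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
"""

# The three CLSIDs ticked in step 5, normalised to upper case.
FIXED_CLSIDS = {
    "{549B5CA7-4A86-11D7-A4DF-000874180BB3}",
    "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}",
    "{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}",
}

# Constructed "after" log (not from the thread): the same entries with the
# three ticked ones removed, as a fresh scan should show after "Fix Checked".
AFTER_FIX = "\n".join(
    line for line in BEFORE_FIX.splitlines()
    if not any(clsid in line.upper() for clsid in FIXED_CLSIDS)
)

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# After the CLSID comes an optional "(label)" (O16 lines), then " - target".
TAIL_RE = re.compile(r"^\s*(?:\(([^)]*)\)\s*)?-\s*(.*)$")


@dataclass
class Entry:
    section: str   # e.g. "O2", "O9", "O16"
    clsid: str     # upper-cased, braces included
    target: str    # file path, URL, or HijackThis's "(no file)" marker
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one CLSID-registered entry; other lines (e.g. O4) return None."""
    head = LINE_RE.match(line.strip())
    if not head:
        return None
    clsid = CLSID_RE.search(head.group(2))
    if not clsid:
        return None
    # Split on the CLSID, not on " - ": paths such as
    # "Spybot - Search & Destroy" contain the separator themselves.
    tail = TAIL_RE.match(head.group(2)[clsid.end():])
    if not tail:
        return None
    return Entry(head.group(1), clsid.group(0).upper(),
                 tail.group(2).strip(), line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def orphaned(entries: Iterable[Entry]) -> List[Entry]:
    """Entries whose registration survives but whose file does not.
    These are candidates for review, not verdicts."""
    return [e for e in entries
            if e.target == "(no file)" or e.target.endswith("(file missing)")]


def still_present(entries: Iterable[Entry], clsids) -> List[Entry]:
    """Entries from a later log that should have been removed by the fix."""
    return [e for e in entries if e.clsid in clsids]


if __name__ == "__main__":
    for e in orphaned(parse_log(BEFORE_FIX)):
        print("orphaned:", e.section, e.clsid, "->", e.target)
    leftovers = still_present(parse_log(AFTER_FIX), FIXED_CLSIDS)
    print("fix verified" if not leftovers else f"{len(leftovers)} entries remain")
```

Run against the sample, this also lists the two O9 entries marked "(no file)" and "(file missing)", which were not among the items ticked in step 5.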

BirdieKate
2006-12-04, 13:40
Phil - good morning! I know, I know, all that horrible stuff. It makes me feel so dirty. There is a second user on this computer - the kind who is up into the wee hours of the morning, surfing God-knows-where and downloading God-knows-what. I'll just blame him, the little sweetie.

Anyways - I'm off to work for the day but will do my reading and then get to work on everything tonight, and post an update as requested after. MANY thanks.

BirdieKate

pskelley
2006-12-04, 13:48
Sounds good, it would be best if you kept this computer offline as much as possible until it is clean, the junk will attract more. I also need to see a HJT log when you are signed in to that second user.

Thanks...Phil

BirdieKate
2006-12-05, 03:35
Good evening, Phil! I've been busy. Your instrux are clear, specific, easy to follow. Thx so much. Here's my rundown of what I did against what you told me to do... then the files (prob. in separate reply.)

[QUOTE=pskelley;56252]Hi Katie, What are you storing all of those nasty cookies for?
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies Did this
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html Couldn't follow these instructions, it said to open the Edit file and choose Preferences... didn't find Preferences.

stubinstaller or stubinstaller.exe

LimeWire <<< what are you doing with that junk on your computer?
Scan that file with one of these free online scans and delete it if it comes back bad as it probably will:
I scanned it using all three of the scans you suggested, and none of them called it bad. Can I delete it anyways? Best way to do so? (I would delete, then empty Recycle bin-- ? Yes? Or maybe even uninstall. You tell me.)


C:\Program Files\Java\jre1.5.0_09\ <<< Java just updated to 10, update your version please -- done. thanks for that.

1) Please let me have a look at what you have installed like this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

Here is the HJT uninstall file:

Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
AVG Anti-Spyware 7.5
Cabos
Canon Digital Camera USB WIA Driver
ccCommon
Collab
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 3.1
Digital Content Portal
EarthLink setup files
ELIcon
FL Studio 6
Google
Google Earth
Google Toolbar for Internet Explorer
GTA2
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
LimeWire 4.12.3
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (1.5.0.8)
NAVShortcut
NetZeroInstallers
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
Panda ActiveScan
Photo Click
QuickTime
Rhapsody Player Engine
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Unreal Tournament Demo
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Defender
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859


3) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make. Done. After all of the fixes are complete it is very important that you enable Real-time Protection again. I take it, it's not time to enable this yet, yes? I might need to be told when...

4) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry. done

5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
adware

Close all programs but HJT and all browser windows, then click on "Fix Checked" done.

6) 1. Turn off System Restore.
2. Reboot.
3. Turn ON System Restore
done


7) Run ATF Cleaner done

Make sure to restart the computer, then run another AVG scan and post it along with a fresh HJT log. and the uninstall list from above.
the AVG scan came back clean... that and the latest HJT log will be in my next post.

Let me know how the computer is running. A little slow... slow to load at startup, do you think it's because I've downloaded so many things in the past 2 days?! It's not too bad loading new pages, but not snappy. When I was running as the other user, it was slow to process. Oh yes, and that other user's HJT file will go out in a separate reply too.

BirdieKate
2006-12-05, 03:36
Here's the AVG scan:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:09:53 PM 12/4/2006

+ Scan result:



Nothing found.



::Report end

Ain't that pretty. And the latest HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:10:34 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BirdieKate
2006-12-05, 03:37
and last but not least, the HJT from when I was logged on as that other user.

Logfile of HijackThis v1.99.1
Scan saved at 6:49:17 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F816BC9A-EAA0-4D3B-80DF-5DD3C5CBB687}: NameServer = 71.243.0.12 71.250.0.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

pskelley
2006-12-05, 04:12
Uninstall list:

You use AOL so we need to leave that stuff. Here is what I think:

AVG Anti-Spyware 7.5 <<< once we are finished, I will suggest you turn this off completely so it does not run (no benefits after the trial) but I would keep the scanner, updates are free.

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Uninstall these. Even though you have the newest version, hackers can use script to infect you via these old versions.

LimeWire 4.12.3: http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453088059
I would uninstall this:
http://pcpitstop.com/spycheck/p2p.asp
http://pcpitstop.com/spycheck/badtorrent.asp
http://www.mainstream.net/security_howto/dangers_of_p2p_file_sharing.shtml

Mozilla Firefox (1.5.0.8) <<< probably why the instructions would not work, this is a very old version. If you are going to use Firefox, you need to run the newest version for safety.
http://www.mozilla.com/en-US/firefox/

Panda ActiveScan: you are not using this, I would uninstall it.

Viewpoint Media Player: I would uninstall this:
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint

If you see other programs you no longer use, uninstall them.

I do not see this in the uninstall list: stubinstaller or stubinstaller.exe. I suggest you move it to the recycle bin (delete) and let it sit there for a few days. I personally can think of no good reason to have it on your computer.

Turn Windows Defender back on. The only reason I turn it off is because it blocks HJT changes when we are making them. Always activate it when you complete the instructions.

Remind me before we finish to give you links with ideas for speeding up the computer. Cleaning out Prefetch with ATF-Cleaner will cause it to boot a little slow until Windows repopulates that folder:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

If you have two users, I would like to see HJT logs from both, and make sure you mark them so you will know who they belong to.

Thanks
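
The comparison of per-user HJT logs requested above can be done mechanically. The following is an added example, not part of the thread and not part of HijackThis: it parses two logs, lists the entries present in only one of them, and picks out entries whose target is reported as "(no file)" or "(file missing)". The function names are hypothetical, and the two sample logs are short excerpts of lines taken from the logs posted earlier in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# HijackThis entry lines start with a section code (R0, O2, O4, O23, ...).
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")

# Excerpt of the 8:10:34 PM log from this thread (lines copied, list shortened).
KATIE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Excerpt of the 6:49:17 PM log (other user) from this thread.
OTHER_USER_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F816BC9A-EAA0-4D3B-80DF-5DD3C5CBB687}: NameServer = 71.243.0.12 71.250.0.12
"""


def parse_hjt(text):
    """Map a case-insensitive key to each entry line of a HijackThis log."""
    entries = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(" ".join(raw.split()))  # collapse stray whitespace
        if match:
            entry = Entry(match.group(1), match.group(2))
            entries[(entry.code, entry.body.lower())] = entry
    return entries


def is_orphan(entry):
    """True when HijackThis reports that the referenced file does not exist."""
    return entry.body.endswith(ORPHAN_SUFFIXES)


def hive(entry):
    """Registry hive named on the line; many sections do not name one."""
    for name in ("HKCU", "HKLM"):
        if name + "\\" in entry.body:
            return name
    return "unspecified"


def clsid(entry):
    """First GUID on the line, upper-cased, or None."""
    match = CLSID_RE.search(entry.body)
    return match.group(0).upper() if match else None


def compare(log_a, log_b):
    """Return (entries only in log_a, entries only in log_b)."""
    a, b = parse_hjt(log_a), parse_hjt(log_b)
    only_a = [a[k] for k in sorted(a.keys() - b.keys())]
    only_b = [b[k] for k in sorted(b.keys() - a.keys())]
    return only_a, only_b


if __name__ == "__main__":
    only_katie, only_other = compare(KATIE_LOG, OTHER_USER_LOG)
    for label, entries in (("only in Katie's log", only_katie),
                           ("only in other user's log", only_other)):
        print(label + ":")
        for e in entries:
            flag = " [orphaned]" if is_orphan(e) else ""
            print(f"  {e.code:<4}{hive(e):<12}{e.body}{flag}")
```

Lines that name HKCU are per-user settings and are expected to differ between accounts; an entry is worth a second look when it appears in only one log and is not a per-user line, or when it is flagged as orphaned.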

BirdieKate
2006-12-05, 14:28
Okay, I've just uninstalled everything you suggested -- except the Java 2 Runtime Environment, SE v1.4.2_03 -- I got an error during uninstall:

Error 1316 - A network error occurred while attempting to read from file C:\WINDOWS\Installer\Java 2 Runtime Environment, SE v1.4.2_03msi.

then I clicked OK to continue and got a Fatal Error at the end and the uninstall was unsuccessful. That was the only problem.

If you have two users, I would like to see HJT logs from both, and make sure you mark them so you will know who they belong to. I did give you two different HJT logs last night, the first from me and the second from the other user - they're marked - do you want new ones from me? If so, no prob, but that'll have to come tonight, after the boring workday. I think I'm already late.

Am I close to "clean"? If you were using my system, would you do any online banking/bill paying?! I'm still paranoid.

One last question - yesterday while downloading the Java update, I noticed a place to click for automatic updates - that's probably a good idea, yes? but can't get back to that page. Do you have a link?

Plodding along with your help! Later.

pskelley
2006-12-05, 15:12
I hate to pass the buck, but I just do not know much about error messages from Java. I do know a load of folks have picked up Vundo trojans and we strongly suspect that version of Java is the reason. Why don't you contact Java for instruction, make sure you include the error message completely.
http://java.sun.com/developer/support/

Am I close to "clean"? If you were using my system, would you do any online banking/bill paying?! I'm still paranoid
I am helping a lot of folks, but if I remember I am still waiting for HJT logs from all users. Seems the one I have not seen may have been the user who got the infection, so I really need to make sure that user and all others are clean. At that point the rest is basically all cosmetic and stuff you are already taking care of.


One last question - yesterday while downloading the Java update, I noticed a place to click for automatic updates - that's probably a good idea, yes?
General consensus is that the auto-updater is buggy and one is better off to check it manually. Your call on that one, and you should find that in the Java Console in your Control Panel.
I will be away from my computer on a house call until early afternoon if you post those logs.

Thanks

BirdieKate
2006-12-06, 04:47
Okay, I don't know if I'm doing this right, both these log files look pretty identical. I switch to the other user and run HJT and then I switch back to myself and run it, and these are what I get. Each is marked. "Andy" is the other user who caught the infection.

ANDY'S LOG
Logfile of HijackThis v1.99.1
Scan saved at 9:35:59 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F816BC9A-EAA0-4D3B-80DF-5DD3C5CBB687}: NameServer = 71.243.0.12 71.250.0.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


NOW KATIE'S LOG (that's me):
Logfile of HijackThis v1.99.1
Scan saved at 9:37:15 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141428586\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F816BC9A-EAA0-4D3B-80DF-5DD3C5CBB687}: NameServer = 71.243.0.12 71.250.0.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Let me know if I have not done this correctly.
Things seem to be working rather well in terms of loading speed, etc. Thanks for the link to Java, I'll speak to them directly about the error message.

Thanks for your valuable time!

pskelley
2006-12-06, 14:27
ANDY'S LOG
Logfile of HijackThis v1.99.1 Scan saved at 9:35:59 PM, on 12/5/2006
Looks to be clean of malware :bigthumb:

NOW KATIE'S LOG
Logfile of HijackThis v1.99.1 Scan saved at 9:37:15 PM, on 12/5/2006
Looks to be clean of malware :bigthumb:

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Safe surfing...tashi :) will close your topic in a few days.

Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

BirdieKate
2006-12-07, 00:21
PHIL! :crowned:
I am incredibly grateful for your assistance, time, patience, knowledge and expertise, and willingness to share. What a fantastic forum, so very glad I found it. A techy is a wonderful thing; a techy who can also communicate well gets my highest form of praise.

I will do my required reading via the links you gave me and follow all advice. I've already had a conversation with that Other User about not clicking "ok" to just anything, especially when perusing the world of online video. Hopefully we'll stay up to date on things and keep our defenses up.

Many thanks again. Have a great holiday season.

:bighug:

pskelley
2006-12-09, 14:38
As the problem appears to be resolved :bigthumb: this topic has been closed.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.