"Warning! Potential Spyware" Operation [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

"Warning! Potential Spyware" Operation [RESOLVED], Need help to remove the above malware

Options

kahdah View Member Profile	Nov 2 2007, 09:41 AM Post #2
GeekU Teacher Posts: 13,397 From: Florida OS: Windows xp,Vista business	Hello Stomp1 Welcome to G2Go. You have quite a few files that we need to take care of . Let's start by doing this: * Click here to download HJTsetup.exe Save HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Trend Micro\Hijack This. Click on I agree Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back here to this thread and Paste the log in your next reply. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. ============================ After that Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall In case you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated everyday. In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Stomp1 View Member Profile	Nov 2 2007, 10:45 PM Post #3
New Member Posts: 8 OS: XP	Dear Kahdah, Thank you for replying so promptly. I really appreciate this. The log files on HiJackThis and ComboFix are attached below as instructed:- HiJackThis log:- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:33:30 AM, on 11/3/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\drivers\Icon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\WinAvXX.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: system.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: autorun.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: sulimo.dat O22 - SharedTaskScheduler: adirondack - {547aaa89-7e6b-42b4-b112-a64955f86a2a} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Myra/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 8508 bytes Here is the ComboFix Log file:- ComboFix 07-11-01.1 - Myra 2007-11-03 11:56:14.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1596 [GMT 11:00] Running from: C:\Documents and Settings\Myra\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe C:\Documents and Settings\Benetton\Start Menu\Programs\Startup\system.exe C:\Documents and Settings\Myra\Start Menu\Programs\Startup\system.exe C:\Program Files\video activex access C:\Program Files\video activex access\ot.ico C:\Program Files\video activex access\Thumbs.db C:\Program Files\video activex access\ts.ico C:\Program Files\VirusProtectPro 3.5 C:\Program Files\VirusProtectPro 3.5\ignored.lst C:\Program Files\VirusProtectPro 3.5\vpp.ini C:\WINDOWS\system32\drivers\Icon.exe C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\WinAvXX.exe . ((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))) . 2007-11-03 11:42 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-03 11:33 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-02 17:24 <DIR> d-------- C:\Deckard 2007-11-02 15:35 <DIR> d-------- C:\Documents and Settings\Myra\Application Data\Uniblue 2007-11-02 13:12 <DIR> d-------- C:\db88a8d408147e526b38f155 2007-11-02 13:11 8,706,680 --a------ C:\Program Files\Windows-KB890830-V1.34.exe 2007-11-02 00:54 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-10-27 18:20 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-26 00:02 <DIR> d-------- C:\Program Files\iPod 2007-10-26 00:02 <DIR> d-------- C:\Documents and Settings\Benetton\Application Data\Apple Computer 2007-10-26 00:01 <DIR> d-------- C:\Program Files\QuickTime 2007-10-26 00:01 <DIR> d-------- C:\Program Files\iTunes 2007-10-26 00:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-10-26 00:00 <DIR> d-------- C:\Program Files\Common Files\Apple 2007-10-26 00:00 <DIR> d-------- C:\Program Files\Apple Software Update 2007-10-26 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-10-26 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-10-25 21:18 <DIR> d-------- C:\Documents and Settings\Benetton\Application Data\ICQ Toolbar 2007-10-25 16:22 <DIR> d-------- C:\Documents and Settings\Myra\Application Data\ICQ Toolbar 2007-10-25 16:15 <DIR> d-------- C:\Program Files\ICQToolbar 2007-10-17 20:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2007-10-11 22:08 <DIR> d-------- C:\Documents and Settings\Myra\Application Data\ACD Systems 2007-10-11 22:05 <DIR> d-------- C:\Program Files\ACD Systems 2007-10-10 15:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-03 20:24 <DIR> d-------- C:\Documents and Settings\Benetton\Application Data\ACD Systems 2007-10-03 20:19 <DIR> d-------- C:\Program Files\Common Files\ACD Systems 2007-10-03 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems 2007-10-03 20:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-01 22:28 --------- d-----w C:\Program Files\Norton AntiVirus 2007-11-01 07:51 --------- d-----w C:\Program Files\Movies 2007-10-31 05:37 --------- d-----w C:\Documents and Settings\Myra\Application Data\eBookPro6 2007-10-30 22:43 --------- d-----w C:\Program Files\MSECache 2007-10-25 05:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-15 03:12 --------- d-----w C:\Program Files\Symantec 2007-10-15 03:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-05 14:03 44,184 ----a-w C:\Documents and Settings\Myra\Application Data\GDIPFONTCACHEV1.DAT 2007-09-27 23:04 --------- d-----w C:\Documents and Settings\Myra\Application Data\Yahoo! 2007-09-27 11:46 --------- d-----w C:\Documents and Settings\Benetton\Application Data\Yahoo! 2007-09-27 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-09-27 11:42 --------- d-----w C:\Program Files\Yahoo! 2007-09-27 09:20 --------- d-----w C:\Program Files\DivX 2007-09-22 13:24 --------- d-----w C:\Documents and Settings\Benetton\Application Data\uTorrent 2007-09-21 10:36 --------- d-----w C:\Documents and Settings\Myra\Application Data\Sonic 2007-09-21 10:36 --------- d-----w C:\Documents and Settings\Myra\Application Data\Leadertech 2007-09-19 22:46 --------- d-----w C:\Program Files\Invoke Solutions 2007-09-14 08:44 40,296 ----a-w C:\Documents and Settings\Benetton\Application Data\GDIPFONTCACHEV1.DAT 2007-09-09 05:37 --------- d-----w C:\Program Files\BitTorrent 2007-09-08 22:34 --------- d-----w C:\Program Files\Common Files\Ahead 2007-09-08 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2007-09-08 13:26 --------- d-----w C:\Documents and Settings\Benetton\Application Data\Ahead 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 11:01] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 11:01] "SoundMan"="SOUNDMAN.EXE" [2004-04-28 17:19 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 03:14] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-18 12:50] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-26 19:32] "NWEReboot"="" [] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 09:31] "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 07:24] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 03:24] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-04-21 18:03] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] R2 MTC0005_MTCDIO;Wireless HotKey Driver;C:\WINDOWS\system32\drivers\MTCDIO.sys R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys S2 MTCDIO;MTCDIO;C:\WINDOWS\system32\DRIVERS\MTCDIO.sys . Contents of the 'Scheduled Tasks' folder "2007-10-30 22:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-11-02 09:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - C:\PROGRA~1\NORTON~1\Navw32.exe "2007-11-03 01:19:47 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************ catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-03 12:27:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-11-03 12:39:19 - machine was rebooted . --- E O F ---

kahdah View Member Profile	Nov 3 2007, 06:14 AM Post #4
GeekU Teacher Posts: 13,397 From: Florida OS: Windows xp,Vista business	You are welcome 1. Please open Notepad Click Start , then Run Type notepad .exe in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: CODE Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}"=- [-HKEY_CLASSES_ROOT\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinAVX"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinAVX"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 "DisableTaskMgr"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoControlPanel"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "rare"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"="" 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 5. After reboot, (in case it asks to reboot),after reboot then please save the log to post in your next reply. =============================================================== Please download AVG Anti-Spyware from HERE and save that file to your desktop. This is a 30 day trial of the program Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files. On the main screen select the icon "Update" then select the "Update now" link. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" unSelect "Automatically generate report after every scan" Un-Select "Only if threats were found" Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess: Lauch AVG Anti-Spyware by double-clicking the icon on your desktop. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan". AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time. Once the scan is complete do the following: Make sure that Set all elements to: shows Quarantine <== This is important Important: Click on the Apply all Actions button (* This must done before saving the report ) When the program has finished, it will display the message All actions have been applied. Then click the Save Scan Report* button. Click the Save Report as button. Save the report to your Desktop. ============================= Please post back with these logs: Combofix log AVG anstispyware log New Hijackthis log. This post has been edited by kahdah: Nov 3 2007, 06:15 AM

Stomp1 View Member Profile	Nov 4 2007, 05:54 AM Post #5
New Member Posts: 8 OS: XP	Hi Kahdah, Here are the Combo log, AVG Anti-Spyware log and new HiJackThis log files. BTW, any word of advice for me (like what software I should have to protect my system from unwanted future spy, or when transferring files on the internet, etc) to protect my system from these malware in future? Combo log: ComboFix 07-11-01.1 - Benetton 2007-11-04 16:55:01.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1621 [GMT 11:00] Running from: C:\Documents and Settings\Benetton\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Benetton\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 ))))))))))))))))))))))))))))))) . 2007-11-04 15:50 <DIR> d-------- C:\DRV 2007-11-04 15:50 <DIR> d-------- C:\DevLog 2007-11-03 23:29 <DIR> d-------- C:\Documents and Settings\Myra\Application Data\uTorrent 2007-11-03 11:42 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-03 11:33 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-02 17:24 <DIR> d-------- C:\Deckard 2007-11-02 15:35 <DIR> d-------- C:\Documents and Settings\Myra\Application Data\Uniblue 2007-11-02 13:12 <DIR> d-------- C:\db88a8d408147e526b38f155 2007-11-02 13:11 8,706,680 --a------ C:\Program Files\Windows-KB890830-V1.34.exe 2007-11-02 00:54 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-10-27 18:20 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-26 00:02 <DIR> d-------- C:\Program Files\iPod 2007-10-26 00:02 <DIR> d-------- C:\Documents and Settings\Benetton\Application Data\Apple Computer 2007-10-26 00:01 <DIR> d-------- C:\Program Files\QuickTime 2007-10-26 00:01 <DIR> d-------- C:\Program Files\iTunes 2007-10-26 00:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-10-26 00:00 <DIR> d-------- C:\Program Files\Common Files\Apple 2007-10-26 00:00 <DIR> d-------- C:\Program Files\Apple Software Update 2007-10-26 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-10-26 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-10-25 21:18 <DIR> d-------- C:\Documents and Settings\Benetton\Application Data\ICQ Toolbar 2007-10-25 16:22 <DIR> d-------- C:\Documents and Settings\Myra\Application Data\ICQ Toolbar 2007-10-25 16:15 <DIR> d-------- C:\Program Files\ICQToolbar 2007-10-17 20:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2007-10-11 22:08 <DIR> d-------- C:\Documents and Settings\Myra\Application Data\ACD Systems 2007-10-11 22:05 <DIR> d-------- C:\Program Files\ACD Systems 2007-10-10 15:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-04 05:15 --------- d-----w C:\Documents and Settings\Benetton\Application Data\uTorrent 2007-11-04 04:18 --------- d-----w C:\Program Files\BitTorrent 2007-11-03 12:29 --------- d-----w C:\Program Files\uTorrent 2007-11-03 09:04 --------- d-----w C:\Program Files\Norton AntiVirus 2007-11-01 07:51 --------- d-----w C:\Program Files\Movies 2007-10-31 05:37 --------- d-----w C:\Documents and Settings\Myra\Application Data\eBookPro6 2007-10-30 22:43 --------- d-----w C:\Program Files\MSECache 2007-10-25 05:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-15 03:12 --------- d-----w C:\Program Files\Symantec 2007-10-15 03:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-11 11:05 --------- d-----w C:\Program Files\Common Files\ACD Systems 2007-10-05 14:03 44,184 ----a-w C:\Documents and Settings\Myra\Application Data\GDIPFONTCACHEV1.DAT 2007-10-03 09:24 --------- d-----w C:\Documents and Settings\Benetton\Application Data\ACD Systems 2007-10-03 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems 2007-09-27 23:04 --------- d-----w C:\Documents and Settings\Myra\Application Data\Yahoo! 2007-09-27 11:46 --------- d-----w C:\Documents and Settings\Benetton\Application Data\Yahoo! 2007-09-27 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-09-27 11:42 --------- d-----w C:\Program Files\Yahoo! 2007-09-27 09:20 --------- d-----w C:\Program Files\DivX 2007-09-21 10:36 --------- d-----w C:\Documents and Settings\Myra\Application Data\Sonic 2007-09-21 10:36 --------- d-----w C:\Documents and Settings\Myra\Application Data\Leadertech 2007-09-19 22:46 --------- d-----w C:\Program Files\Invoke Solutions 2007-09-14 08:44 40,296 ----a-w C:\Documents and Settings\Benetton\Application Data\GDIPFONTCACHEV1.DAT 2007-09-08 22:34 --------- d-----w C:\Program Files\Common Files\Ahead 2007-09-08 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2007-09-08 13:26 --------- d-----w C:\Documents and Settings\Benetton\Application Data\Ahead 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 11:01] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 11:01] "SoundMan"="SOUNDMAN.EXE" [2004-04-28 17:19 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 03:14] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-18 12:50] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-26 19:32] "NWEReboot"="" [] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 09:31] "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 07:24] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 03:24] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-04-21 18:03] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0) R2 MTC0005_MTCDIO;Wireless HotKey Driver;C:\WINDOWS\system32\drivers\MTCDIO.sys R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys S2 MTCDIO;MTCDIO;C:\WINDOWS\system32\DRIVERS\MTCDIO.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{011e5bb0-0b79-11dc-8b74-0040d07c44a6}] \Shell\AutoRun\command - D:\Setup.exe -auto . Contents of the 'Scheduled Tasks' folder "2007-10-30 22:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-11-02 09:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - C:\PROGRA~1\NORTON~1\Navw32.exe "2007-11-04 05:22:01 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************ catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-04 17:15:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-11-04 17:29:39 C:\ComboFix2.txt ... 2007-11-03 12:39 . --- E O F --- AVG Anti-Spyware log: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 7:34:31 PM 11/4/2007 + Scan result: C:\Documents and Settings\Benetton\Desktop\My File\Software\All New Vista Automated Activation Crack Relly works.rar/All New Vista Automated Activation Crack Relly works\GET CASH MONEY IN 30 MINUTES - DISCOVER HOW NOW\Install.exe -> Adware.Casino : Cleaned with backup (quarantined). :mozilla.142:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.143:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.240:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.247:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.251:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.310:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.385:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.543:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.544:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.545:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.546:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.547:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.548:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.549:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.550:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.551:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.552:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.553:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@2o7[2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. :mozilla.24:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.26:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.47:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.48:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.16:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.17:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.18:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.7:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.8:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.9:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.179:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.470:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.471:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.472:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.43:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.484:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.434:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned. :mozilla.23:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.24:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.25:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.485:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned. :mozilla.133:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned. :mozilla.415:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.49:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.38:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.39:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.40:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.49:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.50:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.51:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.52:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.83:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.89:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.265:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.358:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.410:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.522:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.523:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.524:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.525:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.526:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.527:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.537:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.292:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.293:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned. :mozilla.257:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.157:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.312:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned. :mozilla.146:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.384:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.175:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.176:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.177:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.178:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.422:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.425:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.426:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.427:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.428:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.429:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.430:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.431:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.435:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.436:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.437:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.438:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.367:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.368:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.339:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.340:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.341:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.342:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.343:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@revenue[2].txt -> TrackingCookie.Revenue : Cleaned. :mozilla.185:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.186:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.188:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.189:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.190:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.191:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@revsci[2].txt -> TrackingCookie.Revsci : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@revsci[2].txt -> TrackingCookie.Revsci : Cleaned. :mozilla.318:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.319:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.320:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.321:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.322:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.542:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.258:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.259:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.260:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.261:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.20:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.21:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.22:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.26:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.119:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Documents and Settings\Myra\Cookies\myra@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned. :mozilla.86:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.122:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yadro : Cleaned. :mozilla.130:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yadro : Cleaned. :mozilla.28:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.29:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.30:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.31:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.32:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.33:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.34:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.35:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.35:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.36:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.36:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.37:C:\Documents and Settings\Benetton\Application Data\Mozilla\Firefox\Profiles\5r3yxuc7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.37:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.38:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.39:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.40:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.41:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.42:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.43:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.44:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.45:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.46:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.127:C:\Documents and Settings\Myra\Application Data\Mozilla\Firefox\Profiles\s03jjzhr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. C:\Documents and Settings\Benetton\Cookies\benetton@zedo[1].txt -> TrackingCookie.Zedo : Cleaned. ::Report end New HiJackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:42:23 PM, on 11/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\iPod\bin\iPodService.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 7959 bytes

kahdah View Member Profile	Nov 4 2007, 06:55 AM Post #6
GeekU Teacher Posts: 13,397 From: Florida OS: Windows xp,Vista business	Yes keeping an up to date antivirus and running Full system scans Bi-weekly will help prevent future infections. Also an up to date antispyware program run Bi weekly will also prevent future infctions. I see that you have uTorrent installed. Having P2p programs such as these raise the possibility of getting infected again. See here for information on P2P's. I will leave it up to you if you want to remove it. To remove it just simply uninstall it then delete this folder>C:\Program Files\UTorrent =========================================================== After that please update your Java: Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems Ugrading Java: Download the latest version of Java Runtime Environment (JRE) 6 update 3. Choose Free Java Download Close any programs you may have running and follow the prompts. After that Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. ===================== Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu ============================================ Please then do an online scan with Kaspersky WebScanner (This scanner is for use with internet explorer only) Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. ============================= PLease post back with these logs: Kaspersky log New Hijackthis log

Stomp1 View Member Profile	Nov 5 2007, 09:40 AM Post #7
New Member Posts: 8 OS: XP	Hi Kahdah, I encountered some problems when I did the scanning via Kespersky. The scan was halted in Adobe Stock Photo for a few hours. I cancelled the first scan and did it the second time and the same happened. It halted at 25% showing reading at Adobe Stock Photo (Adobe Bridge). Attached is the snapshot for your reference. Please advice the course of action for this. Should I uninstall Adobe Stock Photo/Bridge? Thanks, Stomp1 Attached File(s) Doc1.doc ( 174K ) Number of downloads: 14

kahdah View Member Profile	Nov 5 2007, 06:10 PM Post #8
GeekU Teacher Posts: 13,397 From: Florida OS: Windows xp,Vista business	You can uninstall it if you don't mind.(Just temporarily) It may be the only way to properly scan your computer. Make sure to get your license key so you can reinstall it. You can redownload it from the Adobe site. Try it again after that please.

Stomp1 View Member Profile	Nov 5 2007, 11:10 PM Post #9
New Member Posts: 8 OS: XP	Hi Kahdah, I managed to pass 25% scanned at Kespersky but when it reached 99%, it halted at C:\WINDOWS\system32\oobe\msobshel.htm for hours. It just won't complete the 1% left. Since this is file is part of windows, I am unable to delete it. Any idea what would be the next available option for me? Thanks, Stomp1

kahdah View Member Profile	Nov 6 2007, 03:53 AM Post #10
GeekU Teacher Posts: 13,397 From: Florida OS: Windows xp,Vista business	If it got that far then that is fine do you have the log?

Stomp1 View Member Profile	Nov 6 2007, 10:39 PM Post #11
New Member Posts: 8 OS: XP	Hi Kahdah, That is exactly the problem. The log report won't pop up unless Kespersky complete a 100% scan? Unless, there is another way to get this report, maybe it is stored somewhere on the 99% scan, do let me know. Thanks. Regards, Myra

kahdah View Member Profile	Nov 7 2007, 03:53 AM Post #12
GeekU Teacher Posts: 13,397 From: Florida OS: Windows xp,Vista business	When it get's to tyhat point click on stop. Then it should popup giving you an option to save it.

Stomp1 View Member Profile	Nov 7 2007, 09:59 PM Post #13
New Member Posts: 8 OS: XP	Hi Kahdah, Thank you for your patience. It is strange that now I am able to complete the 100% scan at Kaspersky. Attached here is the kaspersky log and new hijackthis log as requested. Kespersky Log: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, November 08, 2007 11:54:17 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 8/11/2007 Kaspersky Anti-Virus database records: 453728 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ Q:\ Scan Statistics: Total number of scanned objects: 79395 Number of viruses found: 5 Number of infected objects: 10 Number of suspicious objects: 0 Duration of the scan process: 01:16:41 Infected Object Name / Virus Name / Last Action C:\9267a8617378d9a8b2daff\$shtdwn$.req Object is locked skipped C:\9267a8617378d9a8b2daff\mrt.exe Object is locked skipped C:\9267a8617378d9a8b2daff\mrtstub.exe Object is locked skipped C:\db88a8d408147e526b38f155\mrt.exe Object is locked skipped C:\db88a8d408147e526b38f155\mrtstub.exe Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\Benetton\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Benetton\Desktop\My File\Software\AVG.v7.5.490.Anti-Virus Professional Edition.Incl.Keygen-FULL\avg_7.5.x_keygen.exe Infected: Trojan-Dropper.Win32.Agent.clt skipped C:\Documents and Settings\Benetton\Desktop\My File\Software\Slysoft AnyDVD 6.1.7.4 Final __KEY\SetupAnyDVD6174.exe Infected: Trojan.Win32.Chifrax.a skipped C:\Documents and Settings\Benetton\Desktop\My File\Software\Windows.Vista.Activation.Crack\Windows.Vista.Activation.Crack.zip/Windows.Vista.Activation.Crack/install.exe Infected: not-virus:Hoax.Win32.Agent.p skipped C:\Documents and Settings\Benetton\Desktop\My File\Software\Windows.Vista.Activation.Crack\Windows.Vista.Activation.Crack.zip 7-Zip: infected - 1 skipped C:\Documents and Settings\Benetton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Benetton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Benetton\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Benetton\Local Settings\History\History.IE5\MSHist012007110820071109\index.dat Object is locked skipped C:\Documents and Settings\Benetton\Local Settings\Temp\Perflib_Perfdata_ee8.dat Object is locked skipped C:\Documents and Settings\Benetton\Local Settings\Temp\~DF4F78.tmp Object is locked skipped C:\Documents and Settings\Benetton\Local Settings\Temp\~DF4F83.tmp Object is locked skipped C:\Documents and Settings\Benetton\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Benetton\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Benetton\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Benetton\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Myra\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Myra\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\PC Solution File\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\PC Solution File\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\PC Solution File\SmitfraudFix.exe RarSFX: infected - 2 skipped C:\Program Files\BitTorrent\gossip.girl.s01e07.hdtv.xvid-xor.[VTV].avi Object is locked skipped C:\Program Files\BitTorrent\Hostel-Part.2[2007][Unrated.Edition]DvDrip.AC3[Eng]-aXXo\Hostel-Part.2[2007][Unrated.Edition]DvDrip.AC3[Eng]-aXXo.avi Object is locked skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{30DD81CB-0D10-4DDE-A5BA-94D67265A2AB}\RP129\change.log Object is locked skipped C:\System Volume Information\_restore{30DD81CB-0D10-4DDE-A5BA-94D67265A2AB}\RP99\A0022642.EXE/data0000.cab/rBot.exe Infected: Backdoor.Win32.Ciadoor.gn skipped C:\System Volume Information\_restore{30DD81CB-0D10-4DDE-A5BA-94D67265A2AB}\RP99\A0022642.EXE/data0000.cab Infected: Backdoor.Win32.Ciadoor.gn skipped C:\System Volume Information\_restore{30DD81CB-0D10-4DDE-A5BA-94D67265A2AB}\RP99\A0022642.EXE Rsrc-Package: infected - 2 skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. New HiJackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:55:54 AM, on 11/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\uTorrent\utorrent.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3827159811-3825654406-3671572164-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Myra') O4 - HKUS\S-1-5-21-3827159811-3825654406-3671572164-1006\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User 'Myra') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 8203 bytes

kahdah View Member Profile	Nov 7 2007, 10:16 PM Post #14
GeekU Teacher Posts: 13,397 From: Florida OS: Windows xp,Vista business	You are welcome ============= Please re-open Hijackthis and place a check mark next to these entries listed below: O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) Now click on Fix checked and then close Hijackthis. =================================== Using Windows Explorer (to get there right-click your Start button and go to "Explore") Delete these folders/files listed below: C:\Documents and Settings\Benetton\Desktop\My File\Software\AVG.v7.5.490.Anti-Virus Professional Edition.Incl.Keygen-FULL C:\Documents and Settings\Benetton\Desktop\My File\Software\Windows.Vista.Activation.Crack C:\Documents and Settings\Benetton\Desktop\My File\Software\Slysoft AnyDVD 6.1.7.4 Final __KEY C:\PC Solution File\SmitfraudFix.exe Now close Windows Explorer. (If you cannot delete these files try booting into safe mode to delete them) After that you can delete any other tools that I had you use then empty your recycle bin. ========================================================= Then I will need you to reset your System Restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. (Windows XP) 1. Turn off System Restore. Click on Start Right-click My Computer Click Properties Click the System Restore tab Check Turn off System Restore Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. Click on Start Right-click My Computer Click Properties UN-Check Turn off System Restore* Check Turn on System Restore Click Apply, and then click OK. How to Turn On and Turn Off System Restore in Windows XP http://support.microsoft.com/default.aspx?...kb;en-us;310405 ============================================ After that Your log is clean. The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. Ad-Aware-Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well. Spyware Blaster* - Great prevention tool to keep nasties from installing on your system. Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place. IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. Castle Cops To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein. If you have any further problems please feel free to contact G2Go. This post has been edited by kahdah: Nov 7 2007, 10:17 PM

Stomp1 View Member Profile	Nov 9 2007, 10:42 AM Post #15
New Member Posts: 8 OS: XP	Hi Kahdah, Thank you so much for all your help and also for the additional tips on keeping my system clean. I truly appreciate this. My system is now running a lot faster than it used to. After completing the final instructions, attached the final hijackthis file to double confirm that everything is ok. Just out of curiosity, if say I didn't go through what I have done for the past few days when my machine was infected by malware and I did a system reformat instead, will the malware be gone or it will still be in my computer after reformating. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:35:27 AM, on 11/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 7775 bytes

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal warning! potential spyware operation malware [RESOLVED] 12	18 / 5,563	11th October 2007 - 06:43 AM num.1 started - last by Stamper19
Virus, Spyware and Trojan Removal Help with Security Alert "Warning! Potential Spyware Operatio	5 / 1,016	22nd October 2007 - 12:50 PM TheMany41 started - last by Essexboy
Virus, Spyware and Trojan Removal > Help with Security Alert "Warning! Potential Spyware Ope 12	16 / 1,037	12th April 2008 - 10:33 PM coolcricket started - last by kahdah
Virus, Spyware and Trojan Removal Please Help! .."Warning! Potential Spyware Operation!	2 / 531	4th January 2008 - 01:36 PM dxbdude started - last by don77