System Running Slow/Websites Loading Slow



#1
TaraLeigh75

I've run RegistryFix, AVG and AVGspyware and found a few errors.

When I have more than two programs open, my system gets bogged down and my computer asks me to increase my virtual memory. It's already at the max level 1515MB.

The programs I'm using are not 'memory hogs.' They are Word, Outlook and Firefox. These three programs should not be using this much memory.

Websites seem to be taking too long to load. I have a high connection fee. 54Mbs with Excellent connectivity through a wireless router. When websites load, along the bottom of the Firefox window I see websites loading that I'm not on, which bogs down my system and the website.

These are a few of the things I noticed. I hope it helps in some way.

System Info:

Intel Pentium M
1.70GHz
593 MHz, 504MB of RAM

Microsoft Windows XP, Home Edition, Version 2002, Service Pack 2






Logfile of HijackThis v1.99.1
Scan saved at 11:20:25 PM, on 11/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1150085877\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Inbox\CToolbar.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tara Coons\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bonjovi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bonjovi.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: askBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar1.dll
O3 - Toolbar: &Inbox Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150085877\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=zuzeb004YYUS
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge...geUploader3.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

Edited by TaraLeigh75, 29 November 2006 - 10:38 PM.



#2
Crustyoldbloke

Hello Tara and welcome to Geeks to Go

Apologies for your wait, malware has been very busy lately.

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite an unusual log showing a mixture of malware and Trojans and possibly including the Wareout infection. Let’s see what we can do.

Firstly, could you please disable Windows Defender from running during the fix; it may just hinder our attempts to change anything. Open Windows Defender, click Tools, click Options, under Real-time protection options, clear the Use real-time protection check box, click Save.

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
combofix.exe
FixWareout

Open FixWareout. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Please open and update AVG Anti-Spyware:
  • Load AVGas and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Deselect "Only if threats were found"
  • Close AVGas. Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

  • In Safe Mode, load AVGas and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVGas will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: &Inbox Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=zuzeb004YYUS
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll

Now close all windows other than HiJackThis, then click Fix Checked.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):(click Start>Settings>Control Panel)

MyWebSearch
Please notify me of any other programmes that you don’t recognise in that list in your next response

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these folders (if present) using Windows Explorer:

C:\PROGRA~1\Inbox\
C:\Program Files\MyWebSearch\

Close Windows Explorer and Reboot normally

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\PROGRA~1\Inbox\CToolbar.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\PROGRA~1\Inbox\ctbr.dll
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the Windows tab, and under the heading of Applications, Utilities uncheck AVGas Anti-Spyware then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post back a fresh HijackThis log (from normal mode) and I will take another look. (4 logs in total please).

#3
TaraLeigh75

Thank you so much for getting back to me.
I understand the board is really busy....hence waiting for five days to make myself a nuisance. :blink:
hehe

J/K

Okay...got a look at all that you need me to do and nearly passed out! :whistling:
I knew something wasn't right on my system!!!

Okay...I'll get to work and get back to you as soon as I follow your directions.
THANK YOU in advance!

#4
Crustyoldbloke

No problem. Please note that I have a system which, after 10 days of inactivity, closes the thread and sends you a reminder.

#5
TaraLeigh75

Okay 2 issues I ran into last night....

When deleting MyWebSearch---
Error Deleting File or Folder
Cannot delete M3OUTLCN.DLL: Access is denied
Make sure the disk is not full or write-protected
And that the file is not currently in use.


Trying to run the KillBox.
When I do the paste from clipboard and then click the red circled x I get this:
You have not Specified any File to Delete, You must Specify a File Path in the Yellow Box


Please help!

#6
Crustyoldbloke

Hello again

I have no idea why Killbox is not working for you, but we can get round that easily enough. By doing the first part of deleting the folders, you should not be able to find the files afterwards, but I am going to leave the fix as it is just in case of any difficulty, or duplication of folders.

Please reboot your computer into Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

Please delete these folders (if present) using Windows Explorer:

C:\PROGRA~1\Inbox\
C:\Program Files\MyWebSearch\

Please delete these files (if present) using Windows Explorer:

C:\PROGRA~1\Inbox\CToolbar.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\PROGRA~1\Inbox\ctbr.dll
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

Close Windows Explorer and Reboot normally.

Hopefully, you were able to perform the deletions.
  • 0
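Added example, not part of the original thread or of any tool named in it: a Python script that reads HijackThis entries like those posted above, pulls the on-disk file out of each entry (dropping command-line arguments and the `,S` export name that follows the DLL on the rundll32 line), and reports which entries load files from the two folders listed for deletion in posts #2 and #6. The function names are hypothetical, and the matching of 8.3 short names such as `MYWEBS~1` to long names is a heuristic that assumes the default "first six characters plus ~N" short-name pattern.

```python
import re

# Entries copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
"""

# Folders named for deletion in the thread (trailing backslash dropped).
FOLDERS = [r"C:\PROGRA~1\Inbox", r"C:\Program Files\MyWebSearch"]

# "O4 - rest of entry": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
# A drive-letter path ending in a binary extension, stopping before
# arguments, a closing quote, a rundll32 export (",S") or a res:// suffix.
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys))(?=[\s,"/]|$)', re.I)
# 8.3 short directory name: up to six characters, a tilde, one digit.
SHORT_RE = re.compile(r"^([^~]{1,6})~\d$")


def extract_path(entry):
    """Return the file path an entry points at, or None if it has none."""
    m = PATH_RE.search(entry)
    return m.group(1) if m else None


def same_component(a, b):
    """Compare two path components, treating an 8.3 short name as equal to
    a long name that starts with the same six characters (heuristic)."""
    a, b = a.upper(), b.upper()
    if a == b:
        return True
    for short, long_ in ((a, b), (b, a)):
        m = SHORT_RE.match(short)
        if m and "~" not in long_ and long_.replace(" ", "").startswith(m.group(1)):
            return True
    return False


def under_folder(path, folder):
    """True if path lies below folder, comparing component by component."""
    p = [c for c in path.split("\\") if c]
    f = [c for c in folder.split("\\") if c]
    return len(p) > len(f) and all(same_component(x, y) for x, y in zip(p, f))


def files_under(log_text, folders):
    """Map each folder to the (section, file path) entries that load from it."""
    hits = {f: [] for f in folders}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path = extract_path(m.group(2))
        if path is None:  # e.g. "tbr:iemenu" has no file on disk
            continue
        for folder in folders:
            if under_folder(path, folder):
                hits[folder].append((m.group(1), path))
    return hits


if __name__ == "__main__":
    for folder, entries in files_under(SAMPLE_LOG, FOLDERS).items():
        print(folder)
        for section, path in entries:
            print(f"  {section:<4}{path}")
```

Running the same function over the fresh log taken after the reboot shows at a glance whether any autostart entry still points into either folder.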

#7
TaraLeigh75

Okay...I did as asked and managed to put together all the reports you requested. Boy there's a lot of info here. I hope everything was done correctly.

Thank you again for all of your help.


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

REPORT 1

---------------------------------------------------------
Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.121:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.122:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.123:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.124:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.125:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.126:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.127:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.128:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.129:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.130:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.131:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.132:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.133:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.134:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.135:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.136:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.137:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.138:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.139:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.140:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.141:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.142:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.392:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.463:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.626:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.830:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.863:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.93:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.94:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.95:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.96:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.97:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.98:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.99:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Tara Coons\Cookies\tara coons@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Tara Coons\Cookies\tara [email protected][1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.156:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.157:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.158:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Tara Coons\Cookies\tara coons@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.161:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.162:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.163:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.164:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.165:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.166:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.167:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.168:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.169:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.911:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.912:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.369:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.370:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.371:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.372:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Advertising : No action taken.


::Report end

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


REPORT 2

Logfile of HijackThis v1.99.1
Scan saved at 8:39:38 AM, on 12/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Tara Coons\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: askBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar1.dll
O3 - Toolbar: &Inbox Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150085877\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=zuzeb004YYUS
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge...geUploader3.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

REPORT 3

Tara Coons - 06-12-06 20:23:41.14 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Tara Coons\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))


2006-12-06 20:17 <DIR> dr-h----- C:\Documents and Settings\Tara Coons\Recent
2006-12-06 20:12 <DIR> d-------- C:\Program Files\CCleaner
2006-12-06 09:09 <DIR> d-------- C:\!KillBox
2006-12-06 00:14 <DIR> d-------- C:\fixwareout
2006-12-05 23:38 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-12-01 21:51 <DIR> d-------- C:\Program Files\iPod
2006-12-01 21:45 <DIR> d-------- C:\Program Files\Apple Software Update
2006-12-01 20:43 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-01 20:43 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-01 20:21 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-01 20:21 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-01 20:18 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-01 20:16 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-01 20:14 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-29 23:10 <DIR> d-------- C:\Program Files\RegistryFix
2006-11-24 20:44 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-13 02:27 139,264 --a------ C:\WINDOWS\system32\UStorSrv.exe
2006-11-13 02:27 139,264 --a------ C:\WINDOWS\system32\OPDSL.DLL
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-06 20:22 -------- d-------- C:\Program Files\Yahoo!
2006-12-06 20:15 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-06 19:53 -------- d-------- C:\Documents and Settings\Tara Coons\Application Data\Skype
2006-12-01 21:51 -------- d-------- C:\Program Files\iTunes
2006-12-01 21:49 -------- d-------- C:\Program Files\QuickTime
2006-12-01 20:43 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-01 20:43 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-01 20:43 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-01 20:32 -------- d-------- C:\Program Files\Internet Explorer
2006-11-24 20:44 -------- d-------- C:\Program Files\Grisoft
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 04:31 -------- d-------- C:\Program Files\OverDrive Media Console
2006-11-03 20:30 -------- d-------- C:\Program Files\eMule
2006-11-03 20:27 -------- d-------- C:\Program Files\PFConfig
2006-10-31 21:49 -------- d-------- C:\Program Files\AOL
2006-10-31 21:49 -------- d-------- C:\Program Files\AOD
2006-10-31 21:48 -------- d-------- C:\Program Files\Flock
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 15:19 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-13 0
  • 0

#8
TaraLeigh75

    Member

  • Topic Starter
  • Member
  • 68 posts
REST OF REPORT 3

2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 15:19 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Register Homesite+.exe"="\"C:\\Program Files\\Macromedia\\HomeSite+\\Homesite+.exe\" /REGSERVER"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,04,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,04,00,00,de,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Audible Download Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Audible Download Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Audible\\Bin\\ADHelper.exe /Startup"
"item"="Audible Download Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tara Coons^Start Menu^Programs^Startup^Webshots.lnk]
"path"="C:\\Documents and Settings\\Tara Coons\\Start Menu\\Programs\\Startup\\Webshots.lnk"
"backup"="C:\\WINDOWS\\pss\\Webshots.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Webshots\\Launcher.exe /t"
"item"="Webshots"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EabServr"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ClientGW"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\eSnips\\ClientGW.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1150085877\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Wireless Assistant"
"hkey"="HKLM"
"command"="\"%ProgramFiles%\\HPQ\\HP Wireless Assistant\\HP Wireless Assistant.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="point32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-06 20:25:03.81
C:\ComboFix.txt ... 06-12-06 20:25



!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!



REPORT 4



Logfile of HijackThis v1.99.1
Scan saved at 8:30:13 PM, on 12/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tara Coons\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=zuzeb004YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge...geUploader3.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
  • 0

#9
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Tara

This post will probably cause you to take offence and not reply, but that's a chance I have to take. Basically nothing has changed on your system and since these fixes are tried and tested many thousands of times over, it must boil down to something you have or have not done.

I can't check the FixWareout log as it was not posted. The first of your logs is from AVGas. If you look at the log you will see that all the bad files found are still on your PC because you told the programme to “take no action” whereas the instruction was for you to "quarantine" everything found. Please run AVGas again but first reread the instructions.

Please also do the HijackThis fix again as all the bad entries are still present. Please pay particular attention to the disabling of Windows Defender because it will just reverse any changes made if left alone and enabled.

The one thing I could discern from the ComboFix log was that you also need to run MSconfig, as quite a few start ups have been disabled.

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK

Under the "General" Tab

Ensure "Normal Startup-load all device drivers and services" is checked.

Click Apply->OK->Follow the prompts to Restart

Please redo the fix as per my original post and post back, AVGas log, FixWareout log and a fresh HJT log from normal mode.
  • 0
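The disabled startups that post #9 reads out of the ComboFix log sit under the `msconfig\startupreg` and `msconfig\startupfolder` keys of its "Reg Loading Points" section. As an added example (not part of the thread and not ComboFix's own code), this Python parser lists them from an excerpt of the log above; the function names and the three status labels are assumptions of the example.

```python
import re

# Excerpt of the "Reg Loading Points" section from the ComboFix log above,
# trimmed to a few keys so the example runs offline.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tara Coons^Start Menu^Programs^Startup^Webshots.lnk]
"path"="C:\\Documents and Settings\\Tara Coons\\Start Menu\\Programs\\Startup\\Webshots.lnk"
"backup"="C:\\WINDOWS\\pss\\Webshots.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Webshots\\Launcher.exe /t"
"item"="Webshots"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" lines only; dword/hex values and continuation lines are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
HIVE_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
RUN_KEY = "\\microsoft\\windows\\currentversion\\run"
STARTUPREG = "\\shared tools\\msconfig\\startupreg\\"
STARTUPFOLDER = "\\shared tools\\msconfig\\startupfolder\\"


def unescape(text):
    # Undo .reg-style escaping: a backslash protects the character after it.
    return re.sub(r'\\(.)', r'\1', text)


def parse_sections(log_text):
    """Return {registry key: {value name: string data}} in log order."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[unescape(value.group(1))] = unescape(value.group(2))
    return sections


def triage_startups(log_text):
    """List every startup item MSCONFIG has parked, as (name, where, status, command)."""
    sections = parse_sections(log_text)
    # (hive, value name) pairs that are live under a ...\CurrentVersion\Run key
    live = set()
    for key, values in sections.items():
        if key.lower().endswith(RUN_KEY):
            root = key.split("\\", 1)[0]
            hive = HIVE_ABBREV.get(root, root)
            live.update((hive, name.lower()) for name in values)
    report = []
    for key, values in sections.items():
        lowered = key.lower()
        if STARTUPREG in lowered:
            # The subkey name is the name the value had under Run.
            name = key[lowered.index(STARTUPREG) + len(STARTUPREG):]
            hive, command = values.get("hkey", ""), values.get("command", "")
            if not command:
                status = "empty"          # stub with nothing left to restore
            elif (hive, name.lower()) in live:
                status = "re-registered"  # same value name is live under Run again
            else:
                status = "disabled"
            report.append((name, hive, status, command))
        elif STARTUPFOLDER in lowered:
            # Startup-folder shortcuts: the log does not list the folder itself,
            # so these can only be reported as parked.
            report.append((values.get("item", ""), values.get("location", ""),
                           "disabled", values.get("command", "")))
    return report


if __name__ == "__main__":
    for name, where, status, command in triage_startups(SAMPLE_LOG):
        print(f"{status:<14}{where:<8}{name:<12}{command}")
```

Run over the whole "Reg Loading Points" section above, the same check reports IPHSend, iTunesHelper, QuickTime Task, TkBellExe and ctfmon.exe as present both under a live `Run` key and under `startupreg`.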

#10
TaraLeigh75

    Member

  • Topic Starter
  • Member
  • 68 posts
Hmmmm.
I did ask it to Quarantine as you advised. Not sure why it didn't work.
I went in and pulled everything that I would have done with the Killbox and they WERE NOT listed in my files.
*sigh*
But I will redo the whole thing again tonight.

I'm not offended. I'm tech savvy, but definitely not a techie...so I must have simply done something wrong.

I'll have the CORRECT reports for you when I'm finished.
I made sure to save them as the files numbered to make sure I didn't make a mistake, but again...something must have been screwed up in the end.

Sorry to waste your time.
  • 0

#11
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Please do not think you have wasted my time, you haven't. One other thing springs to mind, that being do you definitely have administrator status with your account, and are there any other accounts in normal mode?
  • 0

#12
TaraLeigh75

    Member

  • Topic Starter
  • Member
  • 68 posts
Let's hope I did it right this time.

Report 1

Fixwareout
Last edited 12/06/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.




Report2

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:48:03 PM 12/7/2006

+ Scan result:



C:\Program Files\BearShare\BearShareZangoInstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP436\A0036824.ocx -> Adware.Gdown : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP436\A0036818.dll -> Adware.Minibug : Cleaned.
C:\Documents and Settings\Tara Coons\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.40:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.60:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.61:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.28:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Tara Coons\Application Data\Mozilla\Firefox\Profiles\1xupfw2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end




Report 3


Tara Coons - 06-12-07 23:21:25.96 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Tara Coons\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-07 to 2006-12-07 ))))))))))))))))))))))))))))))))))


2006-12-07 23:20 <DIR> dr-h----- C:\Documents and Settings\Tara Coons\Recent
2006-12-07 20:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-12-06 20:12 <DIR> d-------- C:\Program Files\CCleaner
2006-12-06 09:09 <DIR> d-------- C:\!KillBox
2006-12-06 00:14 <DIR> d-------- C:\fixwareout
2006-12-05 23:38 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-12-01 21:51 <DIR> d-------- C:\Program Files\iPod
2006-12-01 21:45 <DIR> d-------- C:\Program Files\Apple Software Update
2006-12-01 20:43 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-01 20:43 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-01 20:21 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-01 20:21 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-01 20:18 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-01 20:16 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-01 20:14 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-29 23:10 <DIR> d-------- C:\Program Files\RegistryFix
2006-11-24 20:44 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-13 02:27 139,264 --a------ C:\WINDOWS\system32\UStorSrv.exe
2006-11-13 02:27 139,264 --a------ C:\WINDOWS\system32\OPDSL.DLL
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-07 23:18 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-07 20:36 -------- d-------- C:\Documents and Settings\Tara Coons\Application Data\Skype
2006-12-07 20:11 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-12-07 20:09 -------- d-------- C:\Program Files\Sonic
2006-12-07 20:07 -------- d-------- C:\Program Files\Common Files
2006-12-07 20:06 -------- d-------- C:\Program Files\Webshots
2006-12-07 20:03 -------- d-------- C:\Program Files\Java
2006-12-06 20:22 -------- d-------- C:\Program Files\Yahoo!
2006-12-01 21:51 -------- d-------- C:\Program Files\iTunes
2006-12-01 21:49 -------- d-------- C:\Program Files\QuickTime
2006-12-01 20:47 -------- d-------- C:\Documents and Settings\Tara Coons\Application Data\AVG7
2006-12-01 20:43 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-01 20:43 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-01 20:43 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-01 20:32 -------- d-------- C:\Program Files\Internet Explorer
2006-11-24 20:44 -------- d-------- C:\Program Files\Grisoft
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 04:31 -------- d-------- C:\Program Files\OverDrive Media Console
2006-11-03 20:30 -------- d-------- C:\Program Files\eMule
2006-11-03 20:27 -------- d-------- C:\Program Files\PFConfig
2006-10-31 21:49 -------- d-------- C:\Program Files\AOL
2006-10-31 21:49 -------- d-------- C:\Program Files\AOD
2006-10-31 21:48 -------- d-------- C:\Program Files\Flock
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 15:21 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-13 15:19 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-13 15:19 -------- d-------- C:\Documents and Settings\Tara Coons\Application Data\Flock
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"Aim6"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"POINTER"="point32.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"hpWirelessAssistant"="\"%ProgramFiles%\\HPQ\\HP Wireless Assistant\\HP Wireless Assistant.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1150085877\\ee\\AOLSoftware.exe"
"eSnips"="\"C:\\Program Files\\eSnips\\ClientGW.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"ClientGW"=""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Register Homesite+.exe"="\"C:\\Program Files\\Macromedia\\HomeSite+\\Homesite+.exe\" /REGSERVER"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,04,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,04,00,00,de,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-07 23:22:44.62
C:\ComboFix.txt ... 06-12-07 23:22
C:\ComboFix2.txt ... 06-12-06 20:25




Report 4

Logfile of HijackThis v1.99.1
Scan saved at 11:29:33 PM, on 12/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1150085877\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tara Coons\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150085877\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge...geUploader3.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe





Okay....let's hope I did it correctly this time.

Thanks for your time!
  • 0

#13
TaraLeigh75


    Member

  • Topic Starter
  • Member
  • 68 posts

Please do not think you have wasted my time, you haven't. One other thing springs to mind, that being do you definitely have administrator status with your account, and are there any other accounts in normal mode?



Oh and yes, I am Admin.
I am the only profile on the computer.
:blink:
Thanks for being kind.

:whistling:
  • 0

#14
Crustyoldbloke


    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Tara

That all looks a lot better. Just a couple of adjustments to make and with any luck you should be running normally again.

Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following:

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)


Click on Fix Checked when finished and exit HijackThis.

Have a look for Viewpoint in the add and remove programmes in the control panel and uninstall it please.

Using Windows Explorer, delete this folder:

C:\Program Files\Viewpoint\

Exit Explorer, and reboot as normal afterwards.

Click start then run, type prefetch then press enter, click edit then select all (all files will highlight), right click any file, click delete, confirm.

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run Tune Up 2006 Trial. It is a 30-day free trial.

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable your anti virus programme then click Optimize and Improve to run Reg Defrag. The screen will lose colour during the process, which can take a few minutes and then needs a reboot.

Check the anti virus programme is running after the reboot.

Those will have cleared the drive of obsolete software errors.

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor

Please post a fresh HJT log from normal for checking. How's the PC running now?
  • 0

#15
TaraLeigh75


    Member

  • Topic Starter
  • Member
  • 68 posts
Okay....everything seems much faster.
No huge lags.
Thanks sooooooo much.


Last HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:07:41 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1150085877\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tara Coons\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150085877\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge...geUploader3.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
  • 0
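The "fix checked, then post a fresh log" step in this thread can be checked mechanically by diffing the two HijackThis logs against the list of ticked entries. The following is an added example, not part of the original posts: the log excerpts are copied from the Report 4 log, the last log and the fix list above, while the function names and result keys are hypothetical. Matching is on the exact entry text.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# The header and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of Entry(code, body) found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add(Entry(match.group(1), match.group(2).strip()))
    return entries


def verify_fix(before_log, after_log, flagged_lines):
    """Compare two logs against the entries that were ticked for fixing."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    flagged = parse_entries("\n".join(flagged_lines))
    return {
        "still_present": sorted(flagged & after),    # the fix did not take
        "not_in_before": sorted(flagged - before),   # fix list does not match the log
        "removed_unflagged": sorted((before - after) - flagged),  # gone, but never ticked
        "new_entries": sorted(after - before),       # appeared since the earlier scan
    }


# Excerpt of the Report 4 log (scan of 12/7/2006), shortened for the example.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the last log (scan of 12/8/2006), same entries where still listed.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The three entries the helper asked to tick before clicking Fix Checked.
FLAGGED = [
    r"O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe",
    r"O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)",
    r"O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)",
]

if __name__ == "__main__":
    for key, entries in verify_fix(BEFORE, AFTER, FLAGGED).items():
        print(key)
        for entry in entries:
            print("   ", entry.code, "-", entry.body)
```

On these excerpts the three ticked entries are gone, and `removed_unflagged` lists the eSnips and Audible Download Manager startup entries, which appear in the Report 4 log but not in the last log even though neither was on the fix list.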





