
MyLittleSpy



#1
mattzigs

Hi
I ran the XoftSpySE free version and the scan alert was for Spyware.MyLittleSpy in C:\windows\system32\style.css (there was no report option as it is a free version), and this was confirmed by Panda, which reported one hacker tool/rootkit. The HijackThis log is below, followed by the uninstall log and the Panda report:

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 3:56:05 PM, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
F:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
f:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\PROGRA~1\Grisoft\avgamsvr.exe
F:\PROGRA~1\Grisoft\avgupsvc.exe
F:\PROGRA~1\Grisoft\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
f:\Program Files\Sandboxie\SandboxieServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
F:\PROGRA~1\Grisoft\avgcc.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
F:\Program Files\Circle\VirtualCD\HvcdUI.exe
F:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpyZooka\spyzooka.exe
F:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\stickies\stickies.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
F:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://au.my.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - f:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "f:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] f:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HekkoVirtualCD] F:\Program Files\Circle\VirtualCD\HvcdUI.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "f:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stickies.lnk = F:\Program Files\stickies\stickies.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: Ultra Wipe Launcher.lnk = F:\Program Files\RedStrike\UltraWipe\Launcher.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://f:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://f:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://f:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: LearnKey LTF Applet - file:///C:/WINDOWS/system32/lktest.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155698899078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AC980D1-D8FB-4681-AEC9-DEF0B33859F0}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - f:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SandboxU) - tzuk - f:\Program Files\Sandboxie\SandboxieServer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Uninstall Log:

100% Free Five Hundred 6.62
3D Home Architect Home Design SE 6
3ivx D4 4.5.1 Decoder (remove only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Alpha Five V5 - Home Edition
Ashampoo Burning Studio 2005
Ashampoo Burning Studio 2007
Audacity 1.2.5
AVG Anti-Spyware 7.5
AVG Free Edition
Click-N-Type
dataHQ
EasyCleaner
Free Download Manager 2.1
Free eXPert PDF Reader
GIMPshop .1 beta
Google Earth
GTK+ 2.6.9 runtime environment
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
InCD
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iTunes
J2SE Runtime Environment 5.0 Update 10
Lexmark X1100 Series
LSM 0.83b
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 7.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.5.0.1)
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.2)
Mozilla Thunderbird (1.0.7)
mp3-2-wav converter 1.14
NETGEAR WG311v3 PCI Adapter
NVIDIA Drivers
OpenOffice.org 2.0
Options Oracle 1.06
Panda ActiveScan
Paragon Exact Image 7.0 Special Edition
PDF Splitter And Merger
PowerQuest PartitionMagic 8.0
PrimoPDF
QuickTime
Registry Patrol v3.0
Sandboxie version 2.64
Security Task Manager 1.7
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Shockwave
Simply Safe Backup Free Edition
Skype 2.5
SoundMAX
SpeedFan (remove only)
SpywareBlaster v3.5.1
SpyZooka
Stickies 5.2b
SUPERAntiSpyware Free Edition
SyncBack
The GIMP 2.2.9
The Journey to Wild Divine
UltraWipe
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB931836)
USB Storage Driver
Visual Thought 1.4
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
XoftSpySE
XPMedic
ZipGenius 6 (6.0.2.1060)
ZoneAlarm

Panda report:


Incident Status Location

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.ehg-idg.hitbox.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[server.iad.liveperson.net/hc/12138912]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[server.iad.liveperson.net/hc/12138912]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[ad.sensismediasmart.com.au/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.realmedia.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.atwola.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.ccbill.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.drivecleaner.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.maxserving.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.toplist.cz/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.webpower.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[ad.sensismediasmart.com.au/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[searchportal.information.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[stats.drivecleaner.com/]
Spyware:Cookie/GoStats Not disinfected E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.gostats.com/]
Spyware:Cookie/DriveCleaner Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt[stats.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt[stats.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt[www.drivecleaner.com/]
Spyware:Cookie/Atwola Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.atwola.com/]
Spyware:Cookie/GoStats Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Toplist Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tucows Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.tucows.com/]
Spyware:Cookie/WebPower Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Xiti Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[ad.sensismediasmart.com.au/]
Spyware:Cookie/DomainSponsor Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[landing.domainsponsor.com/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected F:\Program Files\mozilla\firefox\plugins\NPMyGlSh.dll


If someone could help me remove this threat I would be much appreciative. Thanks in advance.

Cheers Matt
#2
silencedmessage

Hi mattzigs,

Welcome to GeeksToGo! I am so horribly sorry that you had to wait this long! :whistling: With a forum this busy, sometimes people "slip through the cracks".

I will be helping you with your malware problems. Since malware changes at a very rapid rate, please post a fresh HijackThis log and a fresh Uninstall list.

Also, just a note on XoftSpy... It was once listed as a rogue anti-spyware application, meaning that it was just a goad for you to spend your money. It has since been delisted, but we tend to not trust the previous abusers. I recommend that you uninstall it by going to Start > Control Panel > Add/Remove Programs. SpyZooka was also listed at one point in time, but it was only listed due to concerns with false positives, which were quickly resolved. There are plenty of great free (and full-featured) alternatives out there, and if you would like, I could give you some recommendations. I see you already have AVG Anti-Spyware, which is a great one in my opinion! :blink:

Please post the fresh HijackThis log and Uninstall list and we will get right to business. Once again, I am really sorry that you had to wait so long!!!

-Silenced Message

#3
mattzigs

Hi Silenced Message, thanks for getting back to me :whistling:

I redid all of the scans in the how-to section. There is a report for AVGAS and Panda. SuperAntiSpyware found nothing and AVGAS quarantined everything it found, but I'll include it below:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:20:59 PM 5/04/2007

+ Scan result:



:mozilla.77:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.78:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.79:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.366:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.367:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.368:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.689:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.690:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.691:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.745:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.746:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.747:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.166:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Idot : Cleaned.
:mozilla.426:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Idot : Cleaned.
:mozilla.488:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Idot : Cleaned.
:mozilla.138:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.139:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.168:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.169:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.190:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.191:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.22:E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.23:E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.40:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.41:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.119:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.37:E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.505:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.78:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.97:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.207:E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.208:E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.209:E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.229:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt -> TrackingCookie.Real : Cleaned.
:mozilla.230:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt -> TrackingCookie.Real : Cleaned.
:mozilla.231:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt -> TrackingCookie.Real : Cleaned.
:mozilla.252:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.253:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.254:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.318:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt -> TrackingCookie.Real : Cleaned.
:mozilla.319:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt -> TrackingCookie.Real : Cleaned.
:mozilla.329:E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.330:E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.519:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.520:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.521:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.576:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.577:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.578:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.273:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.274:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.275:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.276:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.29:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\files backup\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.30:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\files backup\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.31:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\files backup\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.541:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.542:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.543:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.544:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.598:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.599:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.600:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.601:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.553:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.610:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.780:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.837:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.302:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.588:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.646:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.301:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.302:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.303:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.79:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.80:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.81:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.287:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.298:E:\RECYCLER\S-1-5-21-2052111302-1606980848-682003330-500\De2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.404:C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.744:F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.801:C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume1\Documents and Settings\matt c\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume1\Documents and Settings\matt c\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Panda ActiveScan

Incident Status Location

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.ehg-idg.hitbox.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[server.iad.liveperson.net/hc/12138912]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[server.iad.liveperson.net/hc/12138912]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[ad.sensismediasmart.com.au/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgwkkby1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.realmedia.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.atwola.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.ccbill.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.drivecleaner.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.maxserving.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.toplist.cz/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.webpower.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[ad.sensismediasmart.com.au/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[searchportal.information.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\LocalService\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[stats.drivecleaner.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[ad.sensismediasmart.com.au/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.atwola.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.maxserving.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.toplist.cz/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.tucows.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[.webpower.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\matt c\Application Data\Sandbox\DefaultBox\Device\HarddiskVolume2\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt.moztmp[landing.domainsponsor.com/]
Spyware:Cookie/DriveCleaner Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt[stats.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt[stats.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies (1).txt[www.drivecleaner.com/]
Spyware:Cookie/Com.com Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[ad.sensismediasmart.com.au/]
Spyware:Cookie/Atwola Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.atwola.com/]
Spyware:Cookie/GoStats Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Tucows Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.tucows.com/]
Spyware:Cookie/WebPower Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Xiti Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[.xiti.com/]
Spyware:Cookie/DomainSponsor Not disinfected F:\My Documents\pc\software\firefox\working firefox profile\5gwrs9dc.default\cookies.txt[landing.domainsponsor.com/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected F:\Program Files\mozilla\firefox\plugins\NPMyGlSh.dll


HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 9:40:39 AM, on 6/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
F:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
f:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\PROGRA~1\Grisoft\avgamsvr.exe
F:\PROGRA~1\Grisoft\avgupsvc.exe
F:\PROGRA~1\Grisoft\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
f:\Program Files\Sandboxie\SandboxieServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
F:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
F:\PROGRA~1\Grisoft\avgcc.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SpyZooka\spyzooka.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
F:\Program Files\stickies\stickies.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://au.my.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - f:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] f:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "f:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stickies.lnk = F:\Program Files\stickies\stickies.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://f:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://f:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://f:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: LearnKey LTF Applet - file:///C:/WINDOWS/system32/lktest.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155698899078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AC980D1-D8FB-4681-AEC9-DEF0B33859F0}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - f:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SandboxU) - tzuk - f:\Program Files\Sandboxie\SandboxieServer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



HijackThis Uninstall List

100% Free Five Hundred 6.62
3D Home Architect Home Design SE 6
3ivx D4 4.5.1 Decoder (remove only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Alpha Five V5 - Home Edition
Ashampoo Burning Studio 2005
Ashampoo Burning Studio 2007
Audacity 1.2.5
AVG Anti-Spyware 7.5
AVG Free Edition
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Click-N-Type
dataHQ
EasyCleaner
Free Download Manager 2.1
Free eXPert PDF Reader
GIMPshop .1 beta
Google Earth
GTK+ 2.6.9 runtime environment
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
InCD
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iTunes
J2SE Runtime Environment 5.0 Update 10
Lexmark X1100 Series
LSM 0.83b
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 7.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.5.0.1)
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.3)
Mozilla Thunderbird (1.0.7)
mp3-2-wav converter 1.14
NETGEAR WG311v3 PCI Adapter
NVIDIA Drivers
OpenOffice.org 2.0
Options Oracle 1.06
Panda ActiveScan
Paragon Exact Image 7.0 Special Edition
PDF Splitter And Merger
PowerQuest PartitionMagic 8.0
PrimoPDF
QuickTime
Registry Patrol v3.0
Sandboxie version 2.64
Security Task Manager 1.7
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Shockwave
Simply Safe Backup Free Edition
Skype 2.5
SoundMAX
SpeedFan (remove only)
SpywareBlaster v3.5.1
SpyZooka
Stickies 5.2b
SUPERAntiSpyware Free Edition
SyncBack
The GIMP 2.2.9
The Journey to Wild Divine
UltraWipe
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
USB Storage Driver
Visual Thought 1.4
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
XoftSpySE
XPMedic
ZipGenius 6 (6.0.2.1060)
ZoneAlarm



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Thanks again for taking time to look at my case

Cheers Matt

#4
silencedmessage

  • Member
  • 987 posts
Hi again mattzigs :help:

After looking through your logs, all that really shows is cookies, which are harmless. ATF Cleaner is a great way to clear out your cookies, and will also help keep your system going faster. :whistling:

There was one item that was found by Panda that is an optional removal. It is a file put in by MyWebSearch which is of questionable nature. If you do not want it on your PC:

Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

F:\Program Files\mozilla\firefox\plugins\NPMyGlSh.dll

After that, reboot.

Other than that, your logs are sparkling clean! :blink:

Are there currently any issues with how the computer is running? If not, I will give you some tips on how to prevent malware (one will also block 90% of those cookies) :help:

-Silenced Message

#5
mattzigs

  • New Member
  • Topic Starter
  • 4 posts
Thanks Silenced Message,

I will get rid of the MyWebSearch, and thanks for all the tips.

There is one thing, my pc is running exceptionally slow, I have tried defrag and disk cleanup but it hasn't helped. Do you have any tips for that?

Other than that, it's a relief not to have a keylogger - must have been one of those false positives for Xoft!!

Thanks again

Cheers Matt

#6
silencedmessage

  • Member
  • 987 posts
Hi again Mattzigs :help:

Good to hear that slowness is the only problem. There are a few things we could do to help resolve that. :whistling:

One thing I like to use is Tune-up Utilities. There is a free 30 day trial. There are a lot of great features in this tool, which can help boost your system's performance.

Another thing you could consider doing is turning off the active guard for a couple of your anti-spyware programs. You have Windows Defender, SpyZooka, and SUPERAntiSpyware running all at once. This may be a little overkill and could possibly be slowing down your system.

And now some prevention tips! :blink:

Now that you are clean, here are a few suggestions that I give EVERYONE. It is very possible that you may already have one or more of these tools from the course of our fix. If you do, please ignore it, as you already have it! Just take a look through, and remember, these are only recommendations! :)

MVP Hosts - This will block out a great deal of sites that are known for dishing out malware. Either follow the directions on that page, or simply download the zip, extract it, and run the .bat file! This will also block many many advertising sites. Check back now and again to see if you should re-download it because it is constantly updated.

Firefox and Opera are both excellent alternatives to Internet Explorer. They are faster, more stable, and reduce your risk of infection.

ATF Cleaner by Atribune. Run this program regularly to keep your computer fast and save precious disk space.

Keep your Java up to date!!! - Many different forms of malware exploit older versions of Java. Check back to that site often to see if you have the latest version. The auto-update feature is known for not alerting you to new updates, so don't rely on it. Also, it is very important that you uninstall any old versions that you have after updating.

Keep Windows up to date - Go here often to make sure you have all the latest Windows updates. They are very important for the secure running of your PC.

Once again, it has been a pleasure working with you and thanks for stopping by! Feel free to check out all the other sections of the forum we have to offer! :help:

If you have any more questions or concerns, feel free to ask. :)

-Silenced Message