random cpu overload [RESOLVED]


#1
timathy

Logfile of HijackThis v1.99.1
Scan saved at 8:46:18 PM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Digidesign\Drivers\MMERefresh.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\UltraMon\UltraMon.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\WINDOWS\system32\sistray.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\DOCUME~1\TIM\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {EE595C87-D29C-4687-A5AB-CEEDA4C2FA59} - D:\WINDOWS\msagent\abstfp.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [DigidesignMMERefresh] D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SysProtect Free] "D:\Program Files\SysProtect Free\USYP.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - D:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: abstfp - D:\WINDOWS\msagent\abstfp.dll (file missing)
O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

µTorrent
3DMark03
Absolute MP3 Splitter version 2.4.1
Ad-Aware SE Personal
Adobe After Effects 6.5
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Premiere Pro
Adobe Reader 6.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Advanced JPEG Compressor 5.0
Analog Channel
Antares Auto-Tune v4.39
Antares Avox 1.06
Apple Software Update
ASAPI Update
ATI Display Driver
Audioease Altiverb v5.4.9
AVG 7.5
AVG Anti-Spyware 7.5
Bandwidth Meter Pro 2.1 build 491
Boris Continuum Complete
Canon MP Drivers 7.0
Canon MP Navigator 1.1
Canon ScanGear Starter
Canon Utilities Easy-PhotoPrint
CANTOR 2
CCleaner (remove only)
Cdex version 1.30
Channel G
Chrome Tone
Codec Pack - All In 1 6.0.3.0
CoffeeCup Flash Form Builder - Registered
CompressorBank
ConvertXtoDVD 2.0.12
Cool MP3 Splitter
CoreVorbis Audio Decoder (remove only)
Digidesign Dynamics III 6.9
Digidesign Pro Tools® LE 6.4
Digidesign Shared Plug-Ins
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
D-Link DU-562M External Modem
DVD Shrink 3.2
DYNAM-IZER
Easy-WebPrint
FilterBank
FINIS
Flash Effect Maker Pro v3.3574 Free (574 Templates/Unicode UTF8
FLV Converter 3
Free Bomb Factory Plug-Ins
FREQUAL-IZER
Frohmage DX
Google Earth
Hijackthis 1.99.1
HijackThis 1.99.1
IBP & ARELIS 9.5.1
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Kaspersky Online Scanner
KORG Legacy Collection - DIGITAL EDITION v1.0.0
Legal Adder
Macromedia Dreamweaver 8
Macromedia Extension Manager
MAGIX music maker 11 demo (US)
Magneto v1.1
Massey Tape-Head (Remove only)
Mastercam X
MC2000
Microsoft .NET Framework 1.1
Microsoft Office 2000 Professional
Microsoft Office FrontPage 2003
Microsoft PowerPoint Viewer 97
Mozilla Firefox (1.5.0.11)
MuchTV
Nero Bruning Rom 6 Plug-In Pack 1.3.0 by MadHacker2k4 for www.goldesel.6x.to
Nero Media Player
Nero OEM
NeroVision Express 2
Nomad Factory Blue Tubes Bundle v2.0
Nomad Factory Blueverb v1.1
Nomad Factory EQP-4 v1.1
Nomad Factory LM-662
Nomad Factory SC-226
NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.0
Nomadfactory Liquid Bundle VST RTAS v2.1
OmniPage SE 2.0
Opcode fusion:FILTER 1.0
Opera
PACE System Files
Panda ActiveScan
PC DUAL SHOCK
PowerISO
PSP VintageWarmer v1.6.5
QuickTime
RealPlayer
Realtek AC'97 Audio
Roger Nichols Digital DYNAM-IZER VST RTAS v1.1
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Sonic Foundry XFX vol2 v1.0b
Sonic Foundry XFX vol3 v1.0b
Sonic Foundry XFX1 v1.0b
Sound Forge 5.0
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
SureThing CD Labeler - Stomper Edition 32 bit
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
Synth One
SysProtect 1.3.152.1
TC Native EQ v1.01 (DNV)
TC Native Reverb v1.5
Text-To-Speech-Runtime
Trendyflash Site Builder
UltraMon
UNIQUEL-IZER
VCDCutter
ViCAM Camera Utilities 6.8.5.8 (Remove only)
Video to Flash Converter
VideoLAN VLC media player 0.8.4a
Vodei Multimedia Processor 2.00
Wave Arts Power Suite
WaveMachine Labs Drumagog VST RTAS v4.02
Waves 4.0
Waves Diamond Bundle 4.05
Waves Guitar Tool Rack 2.0
Waves SSL 4000 Collection 1.1
Waves Znoise v1.0
WinAVIVideoConverter
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
WinZip
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar

Incident Status Location

Virus:trj/srchspy.a Disinfected Operating system
Adware:adware/vog Not disinfected d:\program files\internet explorer\winbrume.dat
Hacktool:HackTool/EvID Not disinfected C:\dummy stuff\DOWNLOAD.PHP[EvID4226Patch.exe]
Spyware:Cookie/YieldManager Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adtech Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Doubleclick Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Xiti Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.xiti.com/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/ErrorSafe Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Systemdoctor Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Apmebf Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/adultfriendfinder Not disinfected D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Casalemedia Not disinfected D:\Documents and Settings\TIM\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected D:\Documents and Settings\TIM\Desktop\virus programs\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected D:\Documents and Settings\TIM\Desktop\virus programs\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\Documents and Settings\TIM\Desktop\virus programs\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z Disinfected D:\Documents and Settings\TIM\Desktop\virus programs\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Virus:Trj/Downloader.AQP Not disinfected D:\Prog Apps\divx-1.1.1.exe[dmxrvi.exe][mdbdev.exe]
Adware:Adware/MediaBack Not disinfected D:\Prog Apps\divx-1.1.1.exe[dmxrvi.exe][dhtmlcore.dll]
Adware:Adware/ClockSync Not disinfected D:\Prog Apps\divx-1.1.1.exe[VVSNInst.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\virus protection\SmitfraudFix\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected D:\virus protection\SmitfraudFix\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\virus protection\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z Disinfected D:\virus protection\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\WINDOWS\system32\Process.exe
Adware:Adware/PsGuard Not disinfected D:\WINDOWS\w74ca5e40.tmp[PSGuard.exe]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:59:39 AM 4/26/2007

+ Scan result:



D:\Program Files\Cowabanga\uninstaller.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
D:\Program Files\SysProtect Free\Activate.exe -> Adware.ErrorSafe : Cleaned with backup (quarantined).
D:\Program Files\SysProtect Free\FlFxr15.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca} -> Adware.Isearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a43385f0-7113-496d-96d7-b9b550e3fcca} -> Adware.Isearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-1580436667-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : Cleaned with backup (quarantined).
D:\WINDOWS\system32\aoieivib.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
D:\Program Files\VSToolbar\VSToolBar.dll -> Adware.Searchcolours : Cleaned with backup (quarantined).
D:\Program Files\SysProtect Free\FWraper.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
D:\Program Files\SysProtect Free\FxCore.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
D:\Program Files\SysProtect Free\MMFx.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
D:\Program Files\SysProtect Free\PCheck.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned with backup (quarantined).
D:\Program Files\SysProtect Free\InstHelp.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
D:\Program Files\SysProtect Free\Updater.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
D:\MAGIX\mm11_e-version\qmp2\MASD32.DLL -> Dropper.Mkar.e : Cleaned with backup (quarantined).
D:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
D:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
D:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
D:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
D:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\dummy stuff\download.php/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Cleaned with backup (quarantined).
:mozilla.739:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.310:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.311:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.312:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.313:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.314:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.315:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.316:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.317:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.318:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.319:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.320:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.322:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.323:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.324:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.325:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.326:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.889:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.116:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.117:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.720:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.886:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.369:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.370:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.519:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.520:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.521:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.522:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.523:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.524:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.51:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.52:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.456:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.457:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.458:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.459:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.460:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.93:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.717:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.564:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.565:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.569:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.53:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.55:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.68:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.70:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.90:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.768:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.909:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.484:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.839:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.840:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.239:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.240:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.241:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.242:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.767:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.71:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.884:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.815:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.816:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.230:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.234:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.237:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.514:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.515:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.516:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.104:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.105:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.106:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.107:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.108:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.109:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.110:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.111:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.716:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.680:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.681:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.682:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.918:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.195:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.198:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.199:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.842:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.544:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.545:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.546:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.836:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.837:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.901:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.902:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.924:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.925:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.926:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.327:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.328:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.834:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.838:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.421:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.835:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.249:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.843:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.844:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.594:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.595:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.596:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.563:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.566:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.567:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.568:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.570:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.395:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.396:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.397:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.398:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.399:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.400:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.401:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.402:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.403:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.404:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.405:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.406:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.407:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.408:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.841:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.183:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.184:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.185:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.186:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.187:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.188:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.189:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.190:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.191:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.192:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.193:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.45:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.46:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.47:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.48:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.49:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.50:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.496:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.497:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.498:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.499:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.922:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.923:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.112:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:D:\Documents and Settings\TIM\Application Data\Mozilla\Firefox\Profiles\bahr6rgr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.119:D:\Docu

#2
racenutalways

    Member 1K

  • Retired Staff
  • 1,668 posts
Hello timathy and welcome to G2G.

My name is racenutalways and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. I will be analyzing your log now, and be back with you as soon as possible!

#3
timathy

    Member

  • Topic Starter
  • Member
  • 16 posts
Cool, thanks. Since I posted the logs I have seen a problem: there is a csrss.exe that seems to be using a lot of processing power. I don't know if that helps you. Thanks again.

#4
racenutalways

    Member 1K

  • Retired Staff
  • 1,668 posts
Hello timathy,

Important: HJT needs its own folder, that way it can create a Backup in case we ever need it.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

#5
timathy

    Member

  • Topic Starter
  • Member
  • 16 posts
There was no link for SmitfraudFix.exe so I found it on Google. I hope I used the right one.

Logfile of HijackThis v1.99.1
Scan saved at 2:57:52 AM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Digidesign\Drivers\MMERefresh.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\UltraMon\UltraMon.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\sistray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {EE595C87-D29C-4687-A5AB-CEEDA4C2FA59} - D:\WINDOWS\msagent\abstfp.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [DigidesignMMERefresh] D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SysProtect Free] "D:\Program Files\SysProtect Free\USYP.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - D:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: abstfp - D:\WINDOWS\msagent\abstfp.dll (file missing)
O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe









VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 1:38:44 AM 4/30/2007

Listing files found while scanning....

D:\WINDOWS\msagent\abstfp.dll
D:\WINDOWS\msagent\pftsba.bak1
D:\WINDOWS\msagent\pftsba.bak2
D:\WINDOWS\msagent\pftsba.ini

Beginning removal...

Attempting to delete D:\WINDOWS\msagent\pftsba.bak1
D:\WINDOWS\msagent\pftsba.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\msagent\pftsba.bak2
D:\WINDOWS\msagent\pftsba.bak2 Has been deleted!

Attempting to delete D:\WINDOWS\msagent\pftsba.ini
D:\WINDOWS\msagent\pftsba.ini Has been deleted!

Performing Repairs to the registry.
Done!











SmitFraudFix v2.171

Scan done at 2:50:40.65, Mon 04/30/2007
Run from D:\Documents and Settings\TIM\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A3EE4041-C55C-42F7-92D6-5DD50CB639DF}: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A3EE4041-C55C-42F7-92D6-5DD50CB639DF}: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A3EE4041-C55C-42F7-92D6-5DD50CB639DF}: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=203.2.75.132 198.142.0.51


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#6
racenutalways

    Member 1K

  • Retired Staff
  • 1,668 posts
Hi timathy,

Rerun HJT and place a checkmark next to the following entries:

O2 - BHO: (no name) - {EE595C87-D29C-4687-A5AB-CEEDA4C2FA59} - D:\WINDOWS\msagent\abstfp.dll (file missing)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O20 - Winlogon Notify: abstfp - D:\WINDOWS\msagent\abstfp.dll (file missing)
O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)

Post the results in your next reply, and let me know how things are running.


We need to update Java; it poses a security vulnerability:

Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
If you are unable to update you can manually update by going here:

http://www.java.com/en/download/manual.jsp

After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked

Downloaded Applets
Downloaded Applications
Other Files


Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

#7
timathy

    Member

  • Topic Starter
  • Member
  • 16 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:38:27 PM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Digidesign\Drivers\MMERefresh.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\UltraMon\UltraMon.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\sistray.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [DigidesignMMERefresh] D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SysProtect Free] "D:\Program Files\SysProtect Free\USYP.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - D:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe






















Seems to be running a bit better but not right, I don't think. I still see the csrss.exe in the Task Manager window Processes tab using a lot of CPU?

ps cartmen is dope
  • 0
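A way to confirm that the HijackThis fix in post #6 took effect, as an added example that is not part of the original thread: it parses two HijackThis logs, checks that every selected entry is gone from the follow-up log, and reports anything else that changed. The log excerpts are copied from posts #5, #6 and #7; `AFTER_STILL_LOADED` is a constructed failure case, and all function and variable names are hypothetical.

```python
import re
from typing import NamedTuple

# An entry line is a section code (R0, O2, O20, ...), " - ", then the entry text.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# HijackThis appends this marker when the referenced file is not on disk.
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)


class Entry(NamedTuple):
    code: str
    body: str


def parse_entries(log_text):
    """Return the set of entries in a log; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m is None:
            continue
        # Drop the marker so an entry is recognised whether or not its file exists,
        # collapse whitespace, and compare case-insensitively like Windows paths.
        body = " ".join(MISSING_RE.sub("", m.group(2)).split()).casefold()
        entries.add(Entry(m.group(1), body))
    return entries


def verify_fix(before_log, after_log, selected_lines):
    """Compare the logs taken before and after fixing the selected entries."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    selected = parse_entries("\n".join(selected_lines))
    report = {
        "not_in_before": selected - before,        # instruction did not match the log
        "still_present": selected & after,         # fix did not stick
        "removed_unrequested": (before - after) - selected,
        "new_entries": after - before,             # appeared since the first scan
    }
    report["ok"] = not any(report.values())
    return report


# Excerpt of the log in post #5 (before the fix).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\system32\winlogon.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {EE595C87-D29C-4687-A5AB-CEEDA4C2FA59} - D:\WINDOWS\msagent\abstfp.dll (file missing)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: abstfp - D:\WINDOWS\msagent\abstfp.dll (file missing)
O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
"""

# Excerpt of the log in post #7 (after the fix).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"""

# The four entries listed in post #6.
SELECTED = [
    r"O2 - BHO: (no name) - {EE595C87-D29C-4687-A5AB-CEEDA4C2FA59} - D:\WINDOWS\msagent\abstfp.dll (file missing)",
    r"O15 - Trusted Zone: http://locator.cdn.imageservr.com",
    r"O20 - Winlogon Notify: abstfp - D:\WINDOWS\msagent\abstfp.dll (file missing)",
    r"O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)",
]

# Constructed failure case: one Winlogon Notify key survived and its DLL is
# back on disk, so the "(file missing)" marker is no longer printed.
AFTER_STILL_LOADED = AFTER_LOG + "O20 - Winlogon Notify: winhoq32 - winhoq32.dll\n"


if __name__ == "__main__":
    for name, after in (("post #7 log", AFTER_LOG), ("constructed log", AFTER_STILL_LOADED)):
        result = verify_fix(BEFORE_LOG, after, SELECTED)
        print(name, "->", "clean" if result["ok"] else "needs another look")
        for key in ("not_in_before", "still_present", "removed_unrequested", "new_entries"):
            for entry in sorted(result[key]):
                print(f"  {key}: {entry.code} - {entry.body}")
```
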

#8
timathy

    Member

  • Topic Starter
  • Member
  • 16 posts
Seems to be running a bit better but not right, I don't think. I still see the csrss.exe in the Task Manager window Processes tab using a lot of CPU?

ps cartmen is dope

#9
racenutalways

    Member 1K

  • Retired Staff
  • 1,668 posts
Hi timathy, your log looks clean. The CPU usage isn't malware related. You may want to check http://support.microsoft.com/kb/555021, or post in our Windows XP, 2000, 2003, NT section.

Don't forget to update your Java.

Since your issues have been addressed and you are ready to travel the net again, I will just give you a few ideas on how to stay safe out there. Best of all these programs are all readily available on the net for free :whistling:

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:

Spyware Blaster Spyware Guard

Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE--Adaware Tutorial

Spybot S&D--Spybot Tutorial

Antiviruses play an important role in keeping your computer safe and worry free while using the net. *NOTE* Only one antivirus must be allowed to run on your computer, as having two or more running can and will cause conflicts.

AVG Avast

Firewalls are also a must in any good prevention :

Zone Alarm Kerio

There are different browsers available on the net, other than Internet Explorer, we believe!! these are better for security purposes :

Firefox Opera

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

This can be accessed by going to Windows Updates and following the prompts.

To add to the performance of your computer, I suggest a weekly maintenance program. Run this tool: Ccleaner

Lastly a second opinion on the Antivirus that you have chosen. I suggest running these online virus scans periodically, just to make sure that the av is doing a proper job, of keeping you safe :

Rav Online Scan Housecall Online Scan Panda Activescan

Housecall Java Online Scan<---For those who use Firefox

And finally a little Posted Image How did I get infected in the first place ? (by Mr. Tony Klein and dvk01)

Good luck and safe surfing :blink:

#10
Ryan

    Member 4k

  • Member
  • 4,867 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.