Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Spyware / Virus Removal » Daughter's slow, HJT
Register Calendar Gallery Mark Forums Read

Spyware / Virus Removal Spyware, virus, browser hijack and other malware removal.

Reply
Page 1 of 2 1 2 >
 
Thread Tools Display Modes
  #1  
Old 08-28-2006, 10:12 PM
Jetsone3 Jetsone3 is offline
Junior Member
  
Join Date: Aug 2006
Posts: 9
Unhappy Daughter's slow, HJT
AVG found a trojan: requester.12.exe
It looks like there are other problems. I'm just starting to work on it.

Logfile of HijackThis v1.99.1
Scan saved at 8:52:24 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Kelly\Program Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O2 - BHO: BHO - {00000185-C745-43D2-44F1-01A1C789C738} - C:\PROGRA~1\SB\SMART-~1\BHO010~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/090e89ec...p/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binari...vc32_EN_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binari...vc32_EN_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binari...vc32_EN_XP.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binari...1046_EN_XP.cab
O18 - Protocol: bw+0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D59A8BC6-F982-4FAC-84F4-5AB3966A6D05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Reply With Quote
Posted


  #2  
Old 08-29-2006, 06:24 AM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
* Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

* Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

* Boot back into normal mode

* Please post the log from the smitRem tool, which will be located at C:\smitfiles.txt and a new hijackthis log.
Reply With Quote
  #3  
Old 09-06-2006, 10:01 PM
Jetsone3 Jetsone3 is offline
Junior Member
  
Join Date: Aug 2006
Posts: 9
smitRem © log file
version 3.1

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Tue 08/29/2006
The current time is: 22:35:52.17

Running from
C:\Documents and Settings\Kelly\Program Downloads\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Pea****@beyondlogic.org
Killing PID 768 'explorer.exe'
Killing PID 768 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN!


Logfile of HijackThis v1.99.1
Scan saved at 8:45:46 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Kelly\Program Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/090e89ec...p/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Reply With Quote
  #4  
Old 09-07-2006, 07:10 AM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall
Reply With Quote
  #5  
Old 09-07-2006, 10:37 AM
Jetsone3 Jetsone3 is offline
Junior Member
  
Join Date: Aug 2006
Posts: 9
Kelly - 06-09-07 9:12:23.53
ComboFix 06.09.07 - Running from: C:\Documents and Settings\Kelly\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-07 to 2006-09-07 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))


2006-09-07 09:03 -------- d-------- C:\Documents and Settings\Kelly\Application Data\AVG7
2006-09-07 08:36 -------- d---s---- C:\Documents and Settings\Kelly\Application Data\Microsoft
2006-09-07 07:56 778016 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-06 21:18 -------- d-------- C:\Program Files\NETGEAR
2006-08-28 23:04 -------- d-------- C:\Program Files\Logitech
2006-08-28 23:03 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-28 22:03 -------- d-------- C:\Program Files\Lavasoft
2006-08-28 22:03 -------- d-------- C:\Documents and Settings\Kelly\Application Data\Lavasoft
2006-08-26 23:31 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-24 15:36 -------- d-------- C:\Program Files\Internet Explorer
2006-08-23 21:23 4850 --a------ C:\Documents and Settings\Kelly\Application Data\wklnhst.dat
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SoundMan"="SOUNDMAN.EXE"
"PCTVOICE"="pctspk.exe"
"Disk Monitor"="C:\\Program Files\\IC\\Card Reader Driver v1.9e2\\Disk_Monitor.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc. exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgemc.ex e"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.ex e"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00 ,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00 ,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff ,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23 ,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw. exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw. exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
"backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\sistray.exe "
"item"="Utility Tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Kelly^Start Menu^Programs^Startup^42 AC Plug.lnk]
"backup"="C:\\WINDOWS\\pss\\42 AC Plug.lnkStartup"
"location"="Startup"
"item"="42 AC Plug"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltPayments]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AltPayments"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AltPayments\\AltPayments.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Instant Access]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="rundll32"
"hkey"="HKCU"
"command"="rundll32.exe EGDACCESS_1070.dll,InstantAccess"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MailSkinner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="mailskinner"
"hkey"="HKCU"
"command"="c:\\program files\\mailskinner\\mailskinner.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MediaPipe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="MediaPipe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MediaPipe\\MediaPipe.exe\" /H"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MediaPipe P2P Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="mpp2pl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\p2pnetworks\\mpp2pl.exe\" /H"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MediaPipeTrayIcon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="MPTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MediaPipe\\MPTray.exe\" /H"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimbo ot.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="mnyexpr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\requester]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="requester"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\requester.12.e xe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SiS Windows KeyHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="keyhook"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\keyhook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\zBrowser Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="iTouch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"inimapping"="0"



Completion time: Thu 09/07/2006 9:13:55.21
ComboFix.txt


Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:41 AM, on 9/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kelly\Program Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/090e89ec...p/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Reply With Quote
  #6  
Old 09-07-2006, 04:22 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.

Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"

Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Then Next, run Ad-aware and perform a full scan. Remove everything found.

Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).


* Boot back into normal mode by restarting the pc and letting it start normally as you would.

Now, post a new hijackthis log here with the report from ewido.
Reply With Quote
  #7  
Old 09-08-2006, 10:27 AM
Jetsone3 Jetsone3 is offline
Junior Member
  
Join Date: Aug 2006
Posts: 9
Ewido won't run in Safe Mode. It causes the computer to reboot. Any suggestions?

Edit: OK, solved that problem. The new 1 gig memory stick I just put in is bad.
Last edited by Jetsone3; 09-08-2006 at 01:42 PM.
Reply With Quote
  #8  
Old 09-08-2006, 09:24 PM
Jetsone3 Jetsone3 is offline
Junior Member
  
Join Date: Aug 2006
Posts: 9
I had bought a gig of memory to speed things up, but it turned out to be bad. Got that replaced now. Ewido identified the Mailskinner program as a Trojan. It may have been the source of the trojans that kept popping up every day or two.

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:45:11 PM 9/8/2006

+ Scan result:



HKU\S-1-5-21-3554077760-3931488962-504956943-1006\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.445:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.467:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@boostmobile.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@indigio.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@sunrocketinc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@tgn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@thomasvillefurniture. 122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@volkswagen.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@stats.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.278:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.279:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.514:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@downloads-zdnet.com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@mads.com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.403:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.404:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.405:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.406:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.418:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.419:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.330:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.331:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.336:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly\Cookies\kelly@banner.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\mzh4nlwn.default\coo kies.txt -> TrackingCookie.Qk