I think I've made a boo boo

Original Message
Name: baggie9S3
Date: November 12, 2006 at 07:20:07 Pacific
Subject: I think I've made a boo boo
OS: XP Pro
CPU/Ram: Centrino 1.7GHz, 768Mb
Model/Manufacturer: Acer Aspire
Comment:

Hey,

Yesterday I connected to the net and decided to download and install the software for Limewire [I know]. I installed but didn't like it so using the add/remove programs icon in the control panel I uninstalled the application.

After rebooting, my computer is now very slow, any application puts the CPU usage at 100% and it crawls along. If I play music in WMP it distorts and sounds too slow!

I installed and ran adaware - any problems found were dealt with.

I updated my anti virus program (AntiVir) and ran a full system scan. It found WORM/VB.DW and this was quarantined.

I updated my firewall (ZoneAlarm) - found nothing new.

I tried the online virus scan - STOP SIGN - it took over 6 hours to find NOTHING NEW! (speed due to computer, not size of HDD or net connection)

Boot up is slow and it takes a lot longer to get to the Login Page!

I've no idea but assume it must be some sort of nasty causing the trouble!

Any help much appreciated.

Thanks for your help

John




Response Number 1
Name: jabuck
Date: November 12, 2006 at 07:39:46 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitRemFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.



Response Number 2
Name: clammer
Date: November 12, 2006 at 07:43:24 Pacific
Reply:

http://www.superantispyware.com/

In addition, this free scanner is quite good too.



Response Number 3
Name: baggie9S3
Date: November 12, 2006 at 07:43:44 Pacific
Reply:

Logfile of HijackThis v1.99.1
Scan saved at 15:24:53, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tamara\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/h...
O16 - DPF: {B3E22EA2-A579-11D2-847A-00C04F7605B6} - file://E:\0000C5DD\me02p03a\common\en\online\code\odweb.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Thanks for your help

John



Response Number 4
Name: jabuck
Date: November 12, 2006 at 08:31:26 Pacific
Reply:

Looks like you have two antivirus programs installed. You need to decide which one you want to keep and uninstall the other as they will conflict and will slow the computer down.

You need to disable script blocking until we get you clean.
1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.

Go to start> control Panel> add/remove programs> and uninstall these if found:

MyWebSearch (or anything with myweb in it)

SaveNow

Webhancer

WhenU

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O16 - DPF: {B3E22EA2-A579-11D2-847A-00C04F7605B6} - file://E:\0000C5DD\me02p03a\common\en\online\code\odweb.cab

Exit Hijack This but remain in safe mode.

Navigate to and delete this folder:

C:\Program Files\MyWebSearch

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG-AntiSpyware report on your desktop please.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the combofix.txt log and a new Hijack This log.
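
An added example, not part of any poster's reply and not HijackThis's own code: a Python sketch that parses HijackThis log entries like the ones posted in this thread and flags those tied to the product names listed for uninstall above, including paths written with 8.3 short names (`MYWEBS~1`), which a plain text search for "MyWebSearch" misses. The function names and the matching rule are assumptions of this example; the sample lines are copied from the log in the thread.

```python
import re
from collections import namedtuple

# Product names the reply above asks the user to uninstall if found.
WATCHLIST = ("MyWebSearch", "SaveNow", "Webhancer", "WhenU")

# Sample input: a handful of entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A log entry is "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "code reason body")


def parse(log_text):
    """Return the coded entries of a HijackThis log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def watchlist_hit(body, watchlist=WATCHLIST):
    """Return the watchlist name an entry refers to, or None.

    Matches the long name anywhere in the entry, or a path component that is
    the usual 8.3 alias of that name (first six characters, then ~digit).
    Names of eight characters or fewer get no alias, so only the long form is
    checked for them. Aliases of the hashed form Windows uses after several
    collisions are not handled (simplification in this example).
    """
    lowered = body.lower()
    segments = [s.strip(' "').upper() for s in body.split("\\")]
    for name in watchlist:
        if name.lower() in lowered:
            return name
        if len(name) > 8:
            alias = re.compile(re.escape(name.upper()[:6]) + r"~\d")
            if any(alias.fullmatch(s) for s in segments):
                return name
    return None


def triage(entries, watchlist=WATCHLIST):
    """Flag entries that reference a watchlist product or a missing file."""
    findings = []
    for entry in entries:
        name = watchlist_hit(entry.body, watchlist)
        if name:
            findings.append(Finding(entry.code, "watchlist:" + name, entry.body))
        elif entry.body.rstrip().endswith("(file missing)"):
            findings.append(Finding(entry.code, "file missing", entry.body))
    return findings


if __name__ == "__main__":
    for finding in triage(parse(SAMPLE_LOG)):
        print(f"{finding.code:<4}{finding.reason:<24}{finding.body}")
```

A flag here only marks an entry for a closer look; which entries to actually fix remains the helper's judgement, as in the reply above.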



Response Number 5
Name: baggie9S3
Date: November 12, 2006 at 12:01:53 Pacific
Reply:

You were right about it taking some time :)

AVG Anti-Spyware - Scan Report


+ Created at: 19:36:05 12/11/2006

+ Scan result:

C:\System Volume Information\_restore{036CC90F-6E56-46DE-846D-39032A2FC627}\RP85\A0013618.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
C:\Program Files\WinAce\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.140:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.746:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.750:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.883:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.891:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.931:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.71i : Cleaned.
:mozilla.305:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.306:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.10:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\js0du5yt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.218:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.219:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.220:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.221:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.222:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.223:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.224:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.226:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.6:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\js0du5yt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.723:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.724:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.725:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.7:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\js0du5yt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.848:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.8:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\js0du5yt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.9:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\js0du5yt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.132:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.135:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.155:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.156:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.157:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.158:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.159:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.839:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.225:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.788:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.638:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.538:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.539:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.540:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.122:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.161:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.162:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.163:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.164:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.165:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.166:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.673:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.121:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.930:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.27:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.635:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.507:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.441:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.443:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.266:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.267:C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\hay4uas4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Tamara\Desktop\SmileyCentralPFSetup2.1.50.8.ZNfox000.exe/mwsSetup.CommonCodebase.exe -> Trojan.Isbar.s : Cleaned with backup (quarantined).
::Report end

-
COMBOFIX Report:

Tamara - 06-11-12 19:53:46.90 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))


2006-11-12 18:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-16 05:13 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-10-16 05:13 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-16 05:13 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-12 18:25 -------- d-------- C:\Program Files\Grisoft
2006-11-12 08:04 -------- d-------- C:\Program Files\eAcceleration
2006-11-12 08:04 -------- d-------- C:\Program Files\Acceleration Software
2006-11-12 08:04 -------- d-------- C:\Documents and Settings\Tamara\Application Data\eAcceleration
2006-11-12 08:03 -------- d-------- C:\Program Files\Common Files\eAcceleration
2006-11-11 17:43 -------- d-------- C:\Program Files\Zone Labs
2006-11-04 17:31 -------- d-------- C:\Program Files\iTunes
2006-11-04 17:29 -------- d-------- C:\Program Files\QuickTime
2006-11-04 15:14 -------- d-------- C:\Documents and Settings\Tamara\Application Data\vlc
2006-11-04 15:11 -------- d-------- C:\Program Files\MaxTV Online
2006-11-04 15:11 -------- d-------- C:\Program Files\MaxSoftware
2006-10-30 17:00 -------- d-------- C:\Documents and Settings\Tamara\Application Data\Sun
2006-10-30 16:57 -------- d-------- C:\Program Files\Java
2006-10-30 16:54 -------- d-------- C:\Program Files\Common Files\Java
2006-10-24 19:38 -------- d-------- C:\Program Files\Real
2006-10-24 19:37 -------- d-------- C:\Documents and Settings\Tamara\Application Data\Real
2006-10-24 15:34 -------- d-------- C:\Documents and Settings\Tamara\Application Data\Smilebox
2006-10-16 05:13 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-10-12 12:59 -------- d-------- C:\Program Files\Anonymizer
2006-10-10 16:20 -------- d-------- C:\Program Files\WinAce
2006-10-03 19:32 -------- d-------- C:\Documents and Settings\Tamara\Application Data\Lavasoft
2006-10-03 19:31 -------- d-------- C:\Program Files\Lavasoft
2006-09-28 17:24 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-28 17:24 -------- d-------- C:\Documents and Settings\Tamara\Application Data\Talkback
2006-09-28 17:08 -------- d-------- C:\Program Files\Apple Software Update
2006-09-26 07:59 55096 --a------ C:\Documents and Settings\Tamara\Application Data\GDIPFONTCACHEV1.DAT
2006-09-25 09:45 -------- d-------- C:\Program Files\Skype
2006-09-19 15:44 15664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SoftwareStation"="\"C:\\Program Files\\eAcceleration\\Station\\station.exe\" /b Startup"
"StopSignSsTsMon"="Rundll32.exe \"C:\\Program Files\\Acceleration Software\\Anti-Virus\\sstsmon.dll\",VerifyStatus"
"webscan"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e0,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Tamara.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-12 19:55:06.56
C:\ComboFix.txt ... 06-11-12 19:55

--
Logfile of HijackThis v1.99.1
Scan saved at 19:59:34, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tamara\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/h...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Thanks for your help

John




Response Number 6
Name: jabuck
Date: November 12, 2006 at 12:55:09 Pacific
Reply:

Your Hijack This log is clean.

Download the latest version of Java from http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools. Just do a Google search for Spywareblaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



Response Number 7
Name: baggie9S3
Date: November 12, 2006 at 21:05:51 Pacific
Reply:

@ jabuck

Very many thanks for your 'very easy to understand' walk through.

Although my computer is still slow I assume that this is not as a result of a 'nasty' lurking on my computer.

For your time and effort you should be commended.

Regards

Thanks for your help

John



Response Number 8
Name: jabuck
Date: November 12, 2006 at 21:33:45 Pacific
Reply:

I suspect that the two antiviruses are the cause of the slowness on your computer; however, I do see an entry in the HJT log that needs to be fixed. Just run Hijack This in normal mode and remove this.

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
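
The checks made by eye in this thread (the O8 context-menu entry that points at a remote URL, the "(file missing)" leftover, and two antivirus products running side by side) can be scripted over a HijackThis log. The following is an added example, not part of the original thread and not a HijackThis feature; the sample lines are copied from the log above, and the marker table for on-access scanner services is an assumption.

```python
import re

# Lines copied from the log posted in this thread (truncated URL kept as posted).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumption (hypothetical table): substrings that identify the on-access
# scanner service of each antivirus product seen in this log.
AV_GUARD_MARKERS = {
    "antivir personaledition classic guard": "AntiVir",
    "norton antivirus auto-protect": "Norton AntiVirus",
}

def triage(log_text):
    """Return review notes for a HijackThis log; these are leads, not verdicts."""
    findings = {"remote_o8": [], "file_missing": [], "resident_av": set()}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, running-process list
        code, body = m.group("code"), m.group("body")
        # O8: IE context-menu item whose target is a remote page, not a local file
        if code == "O8" and re.search(r" - https?://", body):
            findings["remote_o8"].append(body)
        # Registry entry left behind after its file was removed
        if body.endswith("(file missing)"):
            findings["file_missing"].append(body)
        # O23 body is "Service: <name> - <vendor> - <path>"; split from the right
        if code == "O23" and body.startswith("Service: "):
            name = body[len("Service: "):].rsplit(" - ", 2)[0].lower()
            for marker, product in AV_GUARD_MARKERS.items():
                if marker in name:
                    findings["resident_av"].add(product)
    return findings

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(key, "->", sorted(value))
    if len(result["resident_av"]) > 1:
        print("More than one on-access antivirus scanner is installed.")
```
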

