doug barry Posted October 12, 2007 ID:8753 Share Posted October 12, 2007 Sorry to start a new thread, can't get into the old one. Probably you can find the earlier thread from me. Have re-run AVG and HJT, reports (hopefully) below. You asked me to take action on AVG, but I got no options to do anything, and all identified items were described as "ignore once". I had to leave it at that.Thanks for your time.Doug Barry---------------------------------------------------------AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 14:28:14 11/10/2007 + Scan result: HKU\S-1-5-21-1604588719-2568385918-1129099347-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Ignored.HKU\S-1-5-21-1604588719-2568385918-1129099347-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} -> Adware.Generic : Ignored.HKU\S-1-5-21-1604588719-2568385918-1129099347-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Ignored.HKU\S-1-5-21-1604588719-2568385918-1129099347-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} -> Adware.Generic : Ignored.C:\WINDOWS\system32\ld1131.tmp -> Downloader.Zlob.jz : Ignored.C:\WINDOWS\system32\hpF661.tmp -> Downloader.Zlob.kc : Ignored.C:\WINDOWS\system32\hp7D35.tmp -> Downloader.Zlob.mp : Ignored.C:\WINDOWS\system32\hpFA4.tmp -> Downloader.Zlob.mp : Ignored.C:\WINDOWS\system32\systems.txt -> Not-A-Virus.Hoax.Win32.Renos.jh : Ignored.C:\Documents and Settings\Doug\Cookies\doug@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignored.C:\Documents and Settings\Doug\Cookies\doug@247realmedia[2].txt -> TrackingCookie.247realmedia : Ignored.C:\Documents and Settings\Doug\Cookies\doug@247realmedia[3].txt -> TrackingCookie.247realmedia : Ignored.C:\Documents and Settings\Sue\Cookies\sue@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignored.C:\Documents and Settings\Sue\Cookies\sue@247realmedia[2].txt -> TrackingCookie.247realmedia : Ignored.C:\Documents and Settings\Sue\Cookies\sue@247realmedia[3].txt -> TrackingCookie.247realmedia : Ignored.C:\Documents and Settings\Sue\Cookies\sue@247realmedia[4].txt -> TrackingCookie.247realmedia : Ignored.C:\Documents and Settings\Sue\Cookies\sue@247realmedia[6].txt -> TrackingCookie.247realmedia : Ignored.C:\Documents and Settings\Doug\Cookies\doug@112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@112.2o7[2].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@112.2o7[3].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@122.2o7[2].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@122.2o7[4].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@2o7[2].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@2o7[3].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@amazonms.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@amznmothercare.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@aoleusearch.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@archant.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@argos.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@atoc.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@carphonewarehouse.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@centerparcs.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@cratebarrel.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@eurostar.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@hotelopia.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@marksandspencer.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@medhelpinternational.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@propertyfinderltd.122.2o7[2].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@sonyeurope.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@thomascook.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@trinitymirror.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@112.2o7[2].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@112.2o7[3].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@112.2o7[4].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@122.2o7[3].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@122.2o7[4].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@2o7[2].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@2o7[3].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@2o7[4].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@2o7[6].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@amazonms.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@aoleusearch.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@argos.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@atoc.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@carphonewarehouse.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@cendantchg.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@eurostar.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@marksandspencer.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@medhelpinternational.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@millenniumhotels.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@propertyfinderltd.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@redcatsuk.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@thomascook.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@tuiuk.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adbrite[3].txt -> TrackingCookie.Adbrite : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Ignored.C:\Documents and Settings\Sue\Cookies\sue@www.adobe[1].txt -> TrackingCookie.Adobe : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adrevolver[4].txt -> TrackingCookie.Adrevolver : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adrevolver[3].txt -> TrackingCookie.Adrevolver : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adrevolver[5].txt -> TrackingCookie.Adrevolver : Ignored.C:\Documents and Settings\Sue\Cookies\sue@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adtech[2].txt -> TrackingCookie.Adtech : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adtech[1].txt -> TrackingCookie.Adtech : Ignored.C:\Documents and Settings\Doug\Cookies\doug@advertising[2].txt -> TrackingCookie.Advertising : Ignored.C:\Documents and Settings\Doug\Cookies\doug@advertising[4].txt -> TrackingCookie.Advertising : Ignored.C:\Documents and Settings\Sue\Cookies\sue@advertising[1].txt -> TrackingCookie.Advertising : Ignored.C:\Documents and Settings\Sue\Cookies\sue@advertising[2].txt -> TrackingCookie.Advertising : Ignored.C:\Documents and Settings\Sue\Cookies\sue@advertising[3].txt -> TrackingCookie.Advertising : Ignored.C:\Documents and Settings\Sue\Cookies\sue@advertising[4].txt -> TrackingCookie.Advertising : Ignored.C:\Documents and Settings\Sue\Cookies\sue@advertising[6].txt -> TrackingCookie.Advertising : Ignored.C:\Documents and Settings\Sue\Cookies\sue@servedby.advertising[2].txt -> TrackingCookie.Advertising : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adviva[2].txt -> TrackingCookie.Adviva : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adviva[1].txt -> TrackingCookie.Adviva : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adviva[3].txt -> TrackingCookie.Adviva : Ignored.C:\Documents and Settings\Doug\Cookies\doug@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.C:\Documents and Settings\Sue\Cookies\sue@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored.C:\Documents and Settings\Doug\Cookies\doug@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignored.C:\Documents and Settings\Doug\Cookies\doug@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignored.C:\Documents and Settings\Doug\Cookies\doug@bluestreak[3].txt -> TrackingCookie.Bluestreak : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bluestreak[3].txt -> TrackingCookie.Bluestreak : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bluestreak[4].txt -> TrackingCookie.Bluestreak : Ignored.C:\Documents and Settings\Doug\Cookies\doug@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Ignored.C:\Documents and Settings\Doug\Cookies\doug@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Ignored.C:\Documents and Settings\Sue\Cookies\sue@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Ignored.C:\Documents and Settings\Doug\Cookies\doug@burstnet[2].txt -> TrackingCookie.Burstnet : Ignored.C:\Documents and Settings\Doug\Cookies\doug@www.burstnet[2].txt -> TrackingCookie.Burstnet : Ignored.C:\Documents and Settings\Doug\Cookies\doug@www.burstnet[3].txt -> TrackingCookie.Burstnet : Ignored.C:\Documents and Settings\Sue\Cookies\sue@burstnet[2].txt -> TrackingCookie.Burstnet : Ignored.C:\Documents and Settings\Sue\Cookies\sue@burstnet[3].txt -> TrackingCookie.Burstnet : Ignored.C:\Documents and Settings\Sue\Cookies\sue@www.burstnet[2].txt -> TrackingCookie.Burstnet : Ignored.C:\Documents and Settings\Doug\Cookies\doug@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored.C:\Documents and Settings\Doug\Cookies\doug@casalemedia[3].txt -> TrackingCookie.Casalemedia : Ignored.C:\Documents and Settings\Sue\Cookies\sue@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored.C:\Documents and Settings\Doug\Cookies\doug@clickbank[1].txt -> TrackingCookie.Clickbank : Ignored.C:\Documents and Settings\Doug\Cookies\doug@clickbank[2].txt -> TrackingCookie.Clickbank : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ads.cnn[2].txt -> TrackingCookie.Cnn : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ads.cnn[2].txt -> TrackingCookie.Cnn : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ads.guardian.co[1].txt -> TrackingCookie.Co : Ignored.C:\Documents and Settings\Doug\Cookies\doug@com[1].txt -> TrackingCookie.Com : Ignored.C:\Documents and Settings\Doug\Cookies\doug@connextra[2].txt -> TrackingCookie.Connextra : Ignored.C:\Documents and Settings\Doug\Cookies\doug@connextra[3].txt -> TrackingCookie.Connextra : Ignored.C:\Documents and Settings\Doug\Cookies\doug@connextra[4].txt -> TrackingCookie.Connextra : Ignored.C:\Documents and Settings\Sue\Cookies\sue@connextra[1].txt -> TrackingCookie.Connextra : Ignored.C:\Documents and Settings\Sue\Cookies\sue@connextra[2].txt -> TrackingCookie.Connextra : Ignored.C:\Documents and Settings\Sue\Cookies\sue@connextra[4].txt -> TrackingCookie.Connextra : Ignored.C:\Documents and Settings\Sue\Cookies\sue@connextra[8].txt -> TrackingCookie.Connextra : Ignored.C:\Documents and Settings\Doug\Cookies\doug@bilbo.counted[2].txt -> TrackingCookie.Counted : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bilbo.counted[1].txt -> TrackingCookie.Counted : Ignored.C:\Documents and Settings\Doug\Cookies\doug@dealtime[1].txt -> TrackingCookie.Dealtime : Ignored.C:\Documents and Settings\Doug\Cookies\doug@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Ignored.C:\Documents and Settings\Doug\Cookies\doug@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Ignored.C:\Documents and Settings\Doug\Cookies\doug@stat.dealtime[4].txt -> TrackingCookie.Dealtime : Ignored.C:\Documents and Settings\Sue\Cookies\sue@dealtime[1].txt -> TrackingCookie.Dealtime : Ignored.C:\Documents and Settings\Sue\Cookies\sue@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Ignored.C:\Documents and Settings\Sue\Cookies\sue@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Ignored.C:\Documents and Settings\Sue\Cookies\sue@stat.dealtime[3].txt -> TrackingCookie.Dealtime : Ignored.C:\Documents and Settings\Sue\Cookies\sue@stat.dealtime[4].txt -> TrackingCookie.Dealtime : Ignored.C:\Documents and Settings\Doug\Cookies\doug@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@doubleclick[3].txt -> TrackingCookie.Doubleclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@doubleclick[3].txt -> TrackingCookie.Doubleclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@e-2dj6wfkooncpwep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Doug\Cookies\doug@e-2dj6wgk4qidjilp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Doug\Cookies\doug@e-2dj6wjloejc5kkp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@e-2dj6wal4und5kcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@e-2dj6wbkysjazofo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@e-2dj6wfk4anc5kdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@e-2dj6wfmigldzmap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@e-2dj6wgkyqmcjseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@e-2dj6wjk4umcpkeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@e-2dj6wjkouic5mcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.C:\Documents and Settings\Doug\Cookies\doug@estat[1].txt -> TrackingCookie.Estat : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@adopt.euroclick[3].txt -> TrackingCookie.Euroclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@adopt.euroclick[4].txt -> TrackingCookie.Euroclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@as1.falkag[2].txt -> TrackingCookie.Falkag : Ignored.C:\Documents and Settings\Sue\Cookies\sue@as-us.falkag[1].txt -> TrackingCookie.Falkag : Ignored.C:\Documents and Settings\Sue\Cookies\sue@as1.falkag[1].txt -> TrackingCookie.Falkag : Ignored.C:\Documents and Settings\Sue\Cookies\sue@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Ignored.C:\Documents and Settings\Sue\Cookies\sue@sel.as-us.falkag[3].txt -> TrackingCookie.Falkag : Ignored.C:\Documents and Settings\Doug\Cookies\doug@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@fastclick[3].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@media.fastclick[1].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@media.fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@fastclick[1].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@fastclick[3].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@fastclick[4].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@fastclick[6].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@media.fastclick[1].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@media.fastclick[3].txt -> TrackingCookie.Fastclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@goclick[2].txt -> TrackingCookie.Goclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ehg-littlewoods.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ehg-littlewoods.hitbox[3].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ehg-logantod.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ehg-tfl.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Doug\Cookies\doug@hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Doug\Cookies\doug@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ehg-littlewoods.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ehg-littlewoods.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ehg-lookfantastic.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ehg-rodale.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ehg-rodale.hitbox[3].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ehg-tfl.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ehg-totalsystemsservices.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@hitbox[3].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@hitbox[4].txt -> TrackingCookie.Hitbox : Ignored.C:\Documents and Settings\Sue\Cookies\sue@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Ignored.C:\Documents and Settings\Doug\Cookies\doug@hypertracker[2].txt -> TrackingCookie.Hypertracker : Ignored.C:\Documents and Settings\Doug\Cookies\doug@info[1].txt -> TrackingCookie.Info : Ignored.C:\Documents and Settings\Doug\Cookies\doug@web.info[1].txt -> TrackingCookie.Info : Ignored.C:\Documents and Settings\Doug\Cookies\doug@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Ignored.C:\Documents and Settings\Sue\Cookies\sue@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Ignored.C:\Documents and Settings\Sue\Cookies\sue@search.live[2].txt -> TrackingCookie.Live : Ignored.C:\Documents and Settings\Doug\Cookies\doug@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Doug\Cookies\doug@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Doug\Cookies\doug@server.iad.liveperson[5].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Doug\Cookies\doug@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Sue\Cookies\sue@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Sue\Cookies\sue@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Sue\Cookies\sue@server.iad.liveperson[4].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Sue\Cookies\sue@server.iad.liveperson[5].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Sue\Cookies\sue@server.iad.liveperson[7].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Sue\Cookies\sue@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored.C:\Documents and Settings\Doug\Cookies\doug@mediaplex[2].txt -> TrackingCookie.Mediaplex : Ignored.C:\Documents and Settings\Doug\Cookies\doug@mediaplex[3].txt -> TrackingCookie.Mediaplex : Ignored.C:\Documents and Settings\Sue\Cookies\sue@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.C:\Documents and Settings\Sue\Cookies\sue@mediaplex[2].txt -> TrackingCookie.Mediaplex : Ignored.C:\Documents and Settings\Sue\Cookies\sue@mediaplex[3].txt -> TrackingCookie.Mediaplex : Ignored.C:\Documents and Settings\Sue\Cookies\sue@oewabox[1].txt -> TrackingCookie.Oewabox : Ignored.C:\Documents and Settings\Doug\Cookies\doug@stat.onestat[1].txt -> TrackingCookie.Onestat : Ignored.C:\Documents and Settings\Sue\Cookies\sue@stat.onestat[2].txt -> TrackingCookie.Onestat : Ignored.C:\Documents and Settings\Doug\Cookies\doug@data1.perf.overture[2].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Doug\Cookies\doug@data2.perf.overture[1].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Doug\Cookies\doug@overture[1].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Doug\Cookies\doug@overture[2].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Doug\Cookies\doug@overture[3].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Doug\Cookies\doug@perf.overture[1].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@overture[1].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@overture[2].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@overture[3].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@overture[4].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Sue\Cookies\sue@overture[5].txt -> TrackingCookie.Overture : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ads.pointroll[4].txt -> TrackingCookie.Pointroll : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ads.pointroll[4].txt -> TrackingCookie.Pointroll : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ads.pointroll[5].txt -> TrackingCookie.Pointroll : Ignored.C:\Documents and Settings\Doug\Cookies\doug@pro-market[1].txt -> TrackingCookie.Pro-market : Ignored.C:\Documents and Settings\Sue\Cookies\sue@pro-market[1].txt -> TrackingCookie.Pro-market : Ignored.C:\Documents and Settings\Doug\Cookies\doug@qksrv[1].txt -> TrackingCookie.Qksrv : Ignored.C:\Documents and Settings\Doug\Cookies\doug@qksrv[3].txt -> TrackingCookie.Qksrv : Ignored.C:\Documents and Settings\Doug\Cookies\doug@qksrv[4].txt -> TrackingCookie.Qksrv : Ignored.C:\Documents and Settings\Sue\Cookies\sue@qksrv[1].txt -> TrackingCookie.Qksrv : Ignored.C:\Documents and Settings\Sue\Cookies\sue@qksrv[2].txt -> TrackingCookie.Qksrv : Ignored.C:\Documents and Settings\Sue\Cookies\sue@qksrv[3].txt -> TrackingCookie.Qksrv : Ignored.C:\Documents and Settings\Sue\Cookies\sue@qksrv[4].txt -> TrackingCookie.Qksrv : Ignored.C:\Documents and Settings\Sue\Cookies\sue@qksrv[6].txt -> TrackingCookie.Qksrv : Ignored.C:\Documents and Settings\Doug\Cookies\doug@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored.C:\Documents and Settings\Doug\Cookies\doug@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored.C:\Documents and Settings\Doug\Cookies\doug@questionmarket[3].txt -> TrackingCookie.Questionmarket : Ignored.C:\Documents and Settings\Sue\Cookies\sue@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored.C:\Documents and Settings\Sue\Cookies\sue@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored.C:\Documents and Settings\Sue\Cookies\sue@questionmarket[4].txt -> TrackingCookie.Questionmarket : Ignored.C:\Documents and Settings\Sue\Cookies\sue@questionmarket[5].txt -> TrackingCookie.Questionmarket : Ignored.C:\Documents and Settings\Sue\Cookies\sue@questionmarket[6].txt -> TrackingCookie.Questionmarket : Ignored.C:\Documents and Settings\Doug\Cookies\doug@realmedia[1].txt -> TrackingCookie.Realmedia : Ignored.C:\Documents and Settings\Doug\Cookies\doug@realmedia[2].txt -> TrackingCookie.Realmedia : Ignored.C:\Documents and Settings\Sue\Cookies\sue@realmedia[1].txt -> TrackingCookie.Realmedia : Ignored.C:\Documents and Settings\Sue\Cookies\sue@realmedia[2].txt -> TrackingCookie.Realmedia : Ignored.C:\Documents and Settings\Sue\Cookies\sue@realmedia[4].txt -> TrackingCookie.Realmedia : Ignored.C:\Documents and Settings\Doug\Cookies\doug@revsci[1].txt -> TrackingCookie.Revsci : Ignored.C:\Documents and Settings\Doug\Cookies\doug@revsci[3].txt -> TrackingCookie.Revsci : Ignored.C:\Documents and Settings\Doug\Cookies\doug@revsci[4].txt -> TrackingCookie.Revsci : Ignored.C:\Documents and Settings\Sue\Cookies\sue@revsci[1].txt -> TrackingCookie.Revsci : Ignored.C:\Documents and Settings\Sue\Cookies\sue@revsci[2].txt -> TrackingCookie.Revsci : Ignored.C:\Documents and Settings\Sue\Cookies\sue@revsci[3].txt -> TrackingCookie.Revsci : Ignored.C:\Documents and Settings\Sue\Cookies\sue@revsci[5].txt -> TrackingCookie.Revsci : Ignored.C:\Documents and Settings\Doug\Cookies\doug@edge.ru4[2].txt -> TrackingCookie.Ru4 : Ignored.C:\Documents and Settings\Sue\Cookies\sue@edge.ru4[1].txt -> TrackingCookie.Ru4 : Ignored.C:\Documents and Settings\Doug\Cookies\doug@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Doug\Cookies\doug@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Doug\Cookies\doug@bs.serving-sys[4].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Doug\Cookies\doug@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Doug\Cookies\doug@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Doug\Cookies\doug@serving-sys[4].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bs.serving-sys[3].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bs.serving-sys[4].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@bs.serving-sys[6].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@serving-sys[3].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@serving-sys[4].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@serving-sys[5].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Sue\Cookies\sue@serving-sys[6].txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Doug\Cookies\doug@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignored.C:\Documents and Settings\Sue\Cookies\sue@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignored.C:\Documents and Settings\Sue\Cookies\sue@h.starware[1].txt -> TrackingCookie.Starware : Ignored.C:\Documents and Settings\Sue\Cookies\sue@try.starware[1].txt -> TrackingCookie.Starware : Ignored.C:\Documents and Settings\Doug\Cookies\doug@statcounter[1].txt -> TrackingCookie.Statcounter : Ignored.C:\Documents and Settings\Doug\Cookies\doug@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored.C:\Documents and Settings\Doug\Cookies\doug@statcounter[3].txt -> TrackingCookie.Statcounter : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statcounter[1].txt -> TrackingCookie.Statcounter : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statcounter[3].txt -> TrackingCookie.Statcounter : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statcounter[4].txt -> TrackingCookie.Statcounter : Ignored.C:\Documents and Settings\Doug\Cookies\doug@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Ignored.C:\Documents and Settings\Doug\Cookies\doug@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.C:\Documents and Settings\Doug\Cookies\doug@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.C:\Documents and Settings\Doug\Cookies\doug@anat.tacoda[3].txt -> TrackingCookie.Tacoda : Ignored.C:\Documents and Settings\Doug\Cookies\doug@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.C:\Documents and Settings\Doug\Cookies\doug@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.C:\Documents and Settings\Sue\Cookies\sue@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.C:\Documents and Settings\Sue\Cookies\sue@tacoda[3].txt -> TrackingCookie.Tacoda : Ignored.C:\Documents and Settings\Doug\Cookies\doug@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignored.C:\Documents and Settings\Doug\Cookies\doug@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignored.C:\Documents and Settings\Doug\Cookies\doug@tradedoubler[4].txt -> TrackingCookie.Tradedoubler : Ignored.C:\Documents and Settings\Sue\Cookies\sue@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignored.C:\Documents and Settings\Sue\Cookies\sue@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignored.C:\Documents and Settings\Sue\Cookies\sue@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Ignored.C:\Documents and Settings\Sue\Cookies\sue@tradedoubler[4].txt -> TrackingCookie.Tradedoubler : Ignored.C:\Documents and Settings\Sue\Cookies\sue@tradedoubler[5].txt -> TrackingCookie.Tradedoubler : Ignored.C:\Documents and Settings\Doug\Cookies\doug@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignored.C:\Documents and Settings\Sue\Cookies\sue@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignored.C:\Documents and Settings\Doug\Cookies\doug@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored.C:\Documents and Settings\Doug\Cookies\doug@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignored.C:\Documents and Settings\Sue\Cookies\sue@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignored.C:\Documents and Settings\Doug\Cookies\doug@pr.valueclick[2].txt -> TrackingCookie.Valueclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@valueclick[1].txt -> TrackingCookie.Valueclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@valueclick[4].txt -> TrackingCookie.Valueclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@pr.valueclick[1].txt -> TrackingCookie.Valueclick : Ignored.C:\Documents and Settings\Sue\Cookies\sue@valueclick[2].txt -> TrackingCookie.Valueclick : Ignored.C:\Documents and Settings\Doug\Cookies\doug@web-stat[1].txt -> TrackingCookie.Web-stat : Ignored.C:\Documents and Settings\Doug\Cookies\doug@web-stat[2].txt -> TrackingCookie.Web-stat : Ignored.C:\Documents and Settings\Doug\Cookies\doug@web-stat[3].txt -> TrackingCookie.Web-stat : Ignored.C:\Documents and Settings\Doug\Cookies\doug@webstat[2].txt -> TrackingCookie.Web-stat : Ignored.C:\Documents and Settings\Sue\Cookies\sue@web-stat[1].txt -> TrackingCookie.Web-stat : Ignored.C:\Documents and Settings\Sue\Cookies\sue@webstat[1].txt -> TrackingCookie.Web-stat : Ignored.C:\Documents and Settings\Doug\Cookies\doug@weborama[1].txt -> TrackingCookie.Weborama : Ignored.C:\Documents and Settings\Doug\Cookies\doug@weborama[2].txt -> TrackingCookie.Weborama : Ignored.C:\Documents and Settings\Sue\Cookies\sue@weborama[1].txt -> TrackingCookie.Weborama : Ignored.C:\Documents and Settings\Doug\Cookies\doug@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignored.C:\Documents and Settings\Doug\Cookies\doug@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignored.C:\Documents and Settings\Doug\Cookies\doug@m.webtrends[3].txt -> TrackingCookie.Webtrends : Ignored.C:\Documents and Settings\Doug\Cookies\doug@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored.C:\Documents and Settings\Doug\Cookies\doug@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statse.webtrendslive[4].txt -> TrackingCookie.Webtrendslive : Ignored.C:\Documents and Settings\Sue\Cookies\sue@statse.webtrendslive[5].txt -> TrackingCookie.Webtrendslive : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Ignored.C:\Documents and Settings\Doug\Cookies\doug@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Ignored.C:\Documents and Settings\Sue\Cookies\sue@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored.C:\Documents and Settings\Sue\Cookies\sue@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored.C:\Documents and Settings\Doug\Cookies\doug@c5.zedo[2].txt -> TrackingCookie.Zedo : Ignored.C:\Documents and Settings\Doug\Cookies\doug@zedo[1].txt -> TrackingCookie.Zedo : Ignored.C:\Documents and Settings\Doug\Cookies\doug@zedo[3].txt -> TrackingCookie.Zedo : Ignored.C:\Documents and Settings\Sue\Cookies\sue@zedo[1].txt -> TrackingCookie.Zedo : Ignored.C:\Documents and Settings\Sue\Cookies\sue@zedo[2].txt -> TrackingCookie.Zedo : Ignored.C:\Documents and Settings\Sue\Cookies\sue@zedo[3].txt -> TrackingCookie.Zedo : Ignored.C:\Documents and Settings\Sue\Cookies\sue@zedo[5].txt -> TrackingCookie.Zedo : Ignored.C:\Documents and Settings\Sue\Cookies\sue@zedo[6].txt -> TrackingCookie.Zedo : Ignored.C:\Documents and Settings\Sue\Local Settings\Temp\neaoopmd.exe_old -> Trojan.Dialer.ay : Ignored.::Report end Link to post Share on other sites More sharing options...
doug barry Posted October 12, 2007 Author ID:8754 Share Posted October 12, 2007 Sorry to start a new thread, can't get into the old one. Probably you can find the earlier thread from me. Have re-run AVG and HJT, reports (hopefully) below. You asked me to take action on AVG, but I got no options to do anything, and all identified items were described as "ignore once". I had to leave it at that.Thanks for your time.Doug Barry---------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 23:29:04, on 11/10/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\fxssvc.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exeC:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\VoyagerTest\fts.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exeC:\WINDOWS\system32\hphmon05.exeC:\WINDOWS\system32\ezSP_Px.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\PROGRA~1\Sony\SONICS~1\SsAAD.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\Program Files\Common Files\AOL\1138701889\ee\AOLSoftware.exeC:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exeC:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Boots F2CD\Picture Suite\InsDetect.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\WINDOWS\system32\ctfmon.exec:\program files\common files\aol\1138701889\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exec:\program files\common files\aol\1138701889\ee\aolsoftware.exeC:\WINDOWS\system32\WinAvXX.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\AOL 9.0\aoltray.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\AOL\Broadband Assistant\bin\mpbtn.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Microsoft Office\Office\FINDFAST.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & IrelandR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllF2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exeO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dllO3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-gb\msntb.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exeO4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exeO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exeO4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138701889\ee\AOLSoftware.exeO4 - HKLM\..\Run: [Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /suO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe iconO4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exeO4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exeO4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" bootO4 - HKCU\..\Run: [boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: system.exeO4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-gb\bin\WindowsSearch.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: AOL Broadband Assistant.lnk = C:\Program Files\AOL\Broadband Assistant\bin\matcli.exeO4 - Global Startup: autorun.exeO7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-gb\msntb.dll/search.htmO8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-gb\msntabres.dll/229?49ac41a05e8f47cab7e4a901936e232O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-gb\msntabres.dll/230?49ac41a05e8f47cab7e4a901936e232O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165938726875O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190225056171O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cabO16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///D:/CDVIEWER/CdViewer.cabO20 - AppInit_DLLs: hadjajr.iniO22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exeO23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exeO23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe--End of file - 12318 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted October 15, 2007 ID:8855 Share Posted October 15, 2007 Hi Doug. So sorry for the delay in a response. This was actually posted in the wrong forum. Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix. Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe * Double-click SmitfraudFix.exe * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Clean: * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Double-click SmitfraudFix.exe * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt * Optional: o To restore Trusted and Restricted site zone, select 3 and hit Enter. o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm Post the Smitfraud log and a new HJT log for me please. Link to post Share on other sites More sharing options...
JeanInMontana Posted October 21, 2007 ID:8960 Share Posted October 21, 2007 Closing for lack of response. Link to post Share on other sites More sharing options...
JeanInMontana Posted October 22, 2007 ID:8985 Share Posted October 22, 2007 Your experiencing normal infection tactics. Let's try this.1. Download this file :http://www.techsupportforum.com/sectools/combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next replyNote:Do not mouseclick combofix's window while its running. That may cause it to stall Link to post Share on other sites More sharing options...
doug barry Posted October 22, 2007 Author ID:8992 Share Posted October 22, 2007 ComboFix 07-10-22.7 - Doug 2007-10-22 9:54:40.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.164 [GMT -7:00]Running from: C:\Documents and Settings\Doug\Desktop\combofix.exe * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exeC:\Documents and Settings\Sue\Start Menu\Programs\Startup\system.exe.((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 ))))))))))))))))))))))))))))))).2007-10-22 09:52 51,200 --a------ C:\WINDOWS\NirCmd.exe2007-10-22 01:00 <DIR> d--hs---- C:\FOUND.0762007-10-17 15:35 <DIR> d--hs---- C:\FOUND.0752007-10-17 15:18 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS2007-10-17 15:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec2007-10-17 13:27 4,332 --a------ C:\WINDOWS\system32\tmp.reg2007-10-17 13:26 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe2007-10-17 13:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe2007-10-17 13:26 53,248 --a------ C:\WINDOWS\system32\Process.exe2007-10-17 13:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe2007-10-17 13:26 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe2007-10-01 12:10 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\Grisoft2007-09-30 14:27 <DIR> d-------- C:\Program Files\Trend Micro2007-09-30 13:42 69,632 --a------ C:\WINDOWS\system32\asprouni.exe2007-09-30 13:41 <DIR> d-------- C:\WINDOWS\system32\ASPRO2007-09-30 12:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan2007-09-30 11:43 <DIR> d-------- C:\Documents and Settings\Sue\Application Data\Grisoft2007-09-30 11:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys2007-09-30 07:31 <DIR> d-------- C:\Documents and Settings\Doug\Contacts2007-09-30 07:29 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2007-09-20 18:44 2,015 ---h--r C:\WINDOWS\system32\drivers\hosts2007-09-20 18:44 --------- d-----w C:\Program Files\RogueRemover PRO2007-07-31 02:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15]"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 17:23]"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2005-05-16 11:13]"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52]"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 12:49 C:\WINDOWS\AGRSMMSG.exe]"Alaunch"="C:\Windows\alaunch.exe" [2002-05-24 16:08]"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28]"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-08-12 20:00]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-12 20:01]"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 16:45]"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 16:41]"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 14:14]"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 21:23]"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 21:15]"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29]"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 06:59]"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 16:22]"HostManager"="C:\Program Files\Common Files\AOL\1138701889\ee\AOLSoftware.exe" [2006-04-27 05:28]"Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2000-08-28 11:12]"SoundMan"="SOUNDMAN.EXE" [2003-08-15 15:34 C:\WINDOWS\SOUNDMAN.EXE]"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 08:10]"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 05:47]"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-08-28 11:47]"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 08:57]"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]"Boots Insert Detect"="C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 11:45]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00]"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]C:\Documents and Settings\Doug\Start Menu\Programs\Startup\Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-21]Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-21][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoWindowsUpdate"=0 (0x0)"NoRecentDocsMenu"=0 (0x0)"NoFavoritesMenu"=0 (0x0)"NoSMMyPictures"=0 (0x0)"NoStartMenuMyMusic"=0 (0x0)"NoRecentDocsHistory"=0 (0x0)"NoRecentDocsNetHood"=0 (0x0)"NoInstrumentation"=0 (0x0)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoRecentDocsMenu"=0 (0x0)"NoFavoritesMenu"=0 (0x0)"NoSMMyPictures"=0 (0x0)"NoStartMenuMyMusic"=0 (0x0)"NoRecentDocsHistory]"=0 (0x0)"NoRecentDocsNetHood"=0 (0x0)"NoUserNameInStartMenu"=0 (0x0)"NoInstrumentation"=0 (0x0)"NoStartMenuPinnedList"=0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"appinit_dlls"=hadjajr.iniR3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sysR3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS*Newly Created Service* - CATCHME.Contents of the 'Scheduled Tasks' folder"2005-05-16 18:12:20 C:\WINDOWS\Tasks\Symantec NetDetect.job"- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE.**************************************************************************catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-10-22 09:56:55Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2007-10-22 9:57:39. --- E O F --- Link to post Share on other sites More sharing options...
doug barry Posted October 22, 2007 Author ID:8993 Share Posted October 22, 2007 (edited) ComboFix 07-10-22.7 - Doug 2007-10-22 9:54:40.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.164 [GMT -7:00]Running from: C:\Documents and Settings\Doug\Desktop\combofix.exe * Created a new restore point.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:05:08, on 22/10/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\fxssvc.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\VoyagerTest\fts.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exeC:\WINDOWS\system32\hphmon05.exeC:\WINDOWS\system32\ezSP_Px.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\PROGRA~1\Sony\SONICS~1\SsAAD.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\Program Files\Common Files\AOL\1138701889\ee\AOLSoftware.exeC:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exeC:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Boots F2CD\Picture Suite\InsDetect.exec:\program files\common files\aol\1138701889\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exec:\program files\common files\aol\1138701889\ee\aolsoftware.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\AOL 9.0\aoltray.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Microsoft Office\Office\FINDFAST.EXEC:\Program Files\AOL\Broadband Assistant\bin\mpbtn.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Program Files\AOL 9.0\waol.exeC:\Program Files\AOL 9.0\shellmon.exeC:\Program Files\Common Files\AOL\aoltpspd.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-gb\msntb.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exeO4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exeO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exeO4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138701889\ee\AOLSoftware.exeO4 - HKLM\..\Run: [Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /suO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe iconO4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exeO4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exeO4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" bootO4 - HKCU\..\Run: [boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-gb\bin\WindowsSearch.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: AOL Broadband Assistant.lnk = C:\Program Files\AOL\Broadband Assistant\bin\matcli.exeO8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-gb\msntb.dll/search.htmO8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-gb\msntabres.dll/229?49ac41a05e8f47cab7e4a901936e232O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-gb\msntabres.dll/230?49ac41a05e8f47cab7e4a901936e232O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165938726875O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190225056171O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cabO16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///D:/CDVIEWER/CdViewer.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{8E48DBF3-3E5A-4FC0-BF43-D6BCEFCEC9E8}: NameServer = 205.188.146.145O20 - AppInit_DLLs: hadjajr.iniO22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exeO23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exeO23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe--End of file - 11826 bytes((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exeC:\Documents and Settings\Sue\Start Menu\Programs\Startup\system.exe.((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 ))))))))))))))))))))))))))))))).2007-10-22 09:52 51,200 --a------ C:\WINDOWS\NirCmd.exe2007-10-22 01:00 <DIR> d--hs---- C:\FOUND.0762007-10-17 15:35 <DIR> d--hs---- C:\FOUND.0752007-10-17 15:18 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS2007-10-17 15:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec2007-10-17 13:27 4,332 --a------ C:\WINDOWS\system32\tmp.reg2007-10-17 13:26 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe2007-10-17 13:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe2007-10-17 13:26 53,248 --a------ C:\WINDOWS\system32\Process.exe2007-10-17 13:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe2007-10-17 13:26 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe2007-10-01 12:10 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\Grisoft2007-09-30 14:27 <DIR> d-------- C:\Program Files\Trend Micro2007-09-30 13:42 69,632 --a------ C:\WINDOWS\system32\asprouni.exe2007-09-30 13:41 <DIR> d-------- C:\WINDOWS\system32\ASPRO2007-09-30 12:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan2007-09-30 11:43 <DIR> d-------- C:\Documents and Settings\Sue\Application Data\Grisoft2007-09-30 11:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys2007-09-30 07:31 <DIR> d-------- C:\Documents and Settings\Doug\Contacts2007-09-30 07:29 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2007-09-20 18:44 2,015 ---h--r C:\WINDOWS\system32\drivers\hosts2007-09-20 18:44 --------- d-----w C:\Program Files\RogueRemover PRO2007-07-31 02:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15]"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 17:23]"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2005-05-16 11:13]"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52]"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 12:49 C:\WINDOWS\AGRSMMSG.exe]"Alaunch"="C:\Windows\alaunch.exe" [2002-05-24 16:08]"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28]"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-08-12 20:00]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-12 20:01]"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 16:45]"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 16:41]"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 14:14]"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 21:23]"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 21:15]"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29]"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 06:59]"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 16:22]"HostManager"="C:\Program Files\Common Files\AOL\1138701889\ee\AOLSoftware.exe" [2006-04-27 05:28]"Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2000-08-28 11:12]"SoundMan"="SOUNDMAN.EXE" [2003-08-15 15:34 C:\WINDOWS\SOUNDMAN.EXE]"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 08:10]"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 05:47]"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-08-28 11:47]"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 08:57]"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]"Boots Insert Detect"="C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 11:45]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00]"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]C:\Documents and Settings\Doug\Start Menu\Programs\Startup\Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-21]Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-21][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoWindowsUpdate"=0 (0x0)"NoRecentDocsMenu"=0 (0x0)"NoFavoritesMenu"=0 (0x0)"NoSMMyPictures"=0 (0x0)"NoStartMenuMyMusic"=0 (0x0)"NoRecentDocsHistory"=0 (0x0)"NoRecentDocsNetHood"=0 (0x0)"NoInstrumentation"=0 (0x0)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoRecentDocsMenu"=0 (0x0)"NoFavoritesMenu"=0 (0x0)"NoSMMyPictures"=0 (0x0)"NoStartMenuMyMusic"=0 (0x0)"NoRecentDocsHistory]"=0 (0x0)"NoRecentDocsNetHood"=0 (0x0)"NoUserNameInStartMenu"=0 (0x0)"NoInstrumentation"=0 (0x0)"NoStartMenuPinnedList"=0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"appinit_dlls"=hadjajr.iniR3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sysR3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS*Newly Created Service* - CATCHME.Contents of the 'Scheduled Tasks' folder"2005-05-16 18:12:20 C:\WINDOWS\Tasks\Symantec NetDetect.job"- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE.**************************************************************************catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-10-22 09:56:55Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2007-10-22 9:57:39. --- E O F -- Edited October 22, 2007 by JeanInMontana To remove quotes. Link to post Share on other sites More sharing options...
doug barry Posted October 22, 2007 Author ID:8994 Share Posted October 22, 2007 HiTried to run combofix and HJT, hopefully logs posted are intelligible. During earlier attempts to run Smitfraudfix, I kept getting messages "Registry editing has been disabled by your administrator". During Combofix runs I got "Navigation to the webpage was cancelled", but program seemed to run OK.RegardsDoug Link to post Share on other sites More sharing options...
JeanInMontana Posted October 22, 2007 ID:8996 Share Posted October 22, 2007 OK make sure you have the system set to show hidden files. Please set your system to show all files; Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab.Under the Hidden files and folders heading select Show hidden files and folders.Uncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Click OK. Make sure you are using an administrator account. Turn off Tea Timer in Spybot Search & Destroy. Let's start this over from the beginning, and run Smitfraud again, and post the log. Delete the copy of Smitfraud you have and download it again. Link to post Share on other sites More sharing options...
doug barry Posted October 25, 2007 Author ID:9070 Share Posted October 25, 2007 OK make sure you have the system set to show hidden files. Please set your system to show all files; Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab.Under the Hidden files and folders heading select Show hidden files and folders.Uncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Click OK. Make sure you are using an administrator account. Turn off Tea Timer in Spybot Search & Destroy. Let's start this over from the beginning, and run Smitfraud again, and post the log. Delete the copy of Smitfraud you have and download it again.Hi again. Sorry for delays.I haven't had any problems since I ran Smitfraud last week. I've lost the "Windows" popup, I can access the Microsoft website again, and I can use task manager (which was also blocked before).For completeness, I'm including Smitfraud and HJT logs below.But basically, I think I'm OK now, and I just want to say an enormous tthankyou for all your effort (and for adapting to my dreadful misuse of the site).Very many thanksDoug Barry Link to post Share on other sites More sharing options...
JeanInMontana Posted October 26, 2007 ID:9129 Share Posted October 26, 2007 There are no logs Doug. HJT is all I need if you are not having other symptoms. Link to post Share on other sites More sharing options...
doug barry Posted October 28, 2007 Author ID:9202 Share Posted October 28, 2007 There are no logs Doug. HJT is all I need if you are not having other symptoms.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:53:35, on 28/10/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\fxssvc.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\VoyagerTest\fts.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exeC:\WINDOWS\system32\hphmon05.exeC:\WINDOWS\system32\ezSP_Px.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\PROGRA~1\Sony\SONICS~1\SsAAD.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\Program Files\Common Files\AOL\1138701889\ee\AOLSoftware.exeC:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exeC:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exeC:\WINDOWS\system32\ctfmon.exec:\program files\common files\aol\1138701889\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exec:\program files\common files\aol\1138701889\ee\aolsoftware.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Boots F2CD\Picture Suite\InsDetect.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\AOL 9.0\aoltray.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\AOL\Broadband Assistant\bin\mpbtn.exeC:\Program Files\Microsoft Office\Office\FINDFAST.EXEC:\Program Files\AOL 9.0\waol.exeC:\Program Files\AOL 9.0\shellmon.exeC:\Program Files\Common Files\AOL\aoltpspd.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exeO4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exeO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exeO4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138701889\ee\AOLSoftware.exeO4 - HKLM\..\Run: [Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /suO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe iconO4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exeO4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exeO4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" bootO4 - HKCU\..\Run: [boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: AOL Broadband Assistant.lnk = C:\Program Files\AOL\Broadband Assistant\bin\matcli.exeO8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htmO8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?49ac41a05e8f47cab7e4a901936e232O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?49ac41a05e8f47cab7e4a901936e232O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165938726875O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190225056171O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cabO16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///D:/CDVIEWER/CdViewer.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{8E48DBF3-3E5A-4FC0-BF43-D6BCEFCEC9E8}: NameServer = 205.188.146.145O20 - AppInit_DLLs: hadjajr.iniO22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exeO23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exeO23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe--End of file - 11793 bytes Link to post Share on other sites More sharing options...
doug barry Posted October 28, 2007 Author ID:9203 Share Posted October 28, 2007 ThanksTried leaving logs as planned, but ran out of forum memory even for one log. HJT as requested. Again many thanks, no repeat of symptoms so far.Doug Barry Link to post Share on other sites More sharing options...
JeanInMontana Posted October 29, 2007 ID:9235 Share Posted October 29, 2007 Hi Doug, you are still infected. Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix. Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe * Double-click SmitfraudFix.exe * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Clean: * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Double-click SmitfraudFix.exe * Select 1 and hit Enter. * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt Post this log please and a new HJT. * Optional: o To restore Trusted and Restricted site zone, select 3 and hit Enter. o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm Link to post Share on other sites More sharing options...
JeanInMontana Posted November 12, 2007 ID:9897 Share Posted November 12, 2007 Due to no response the topic will be closed.The fixes in this topic are for this system only. For assistance open your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts