
trojan.w32.looksky [RESOLVED]



#1
cloudsuck

Hi

My computer got infected with this virus: trojan.w32.looksky

I have done the following preparation:
a. System restore
b. SUPERAntiSpyware Home Edition
c. Tried to fix it with SmitFraudFix, to no avail.


I'm pasting the following reports:

1. SmitFraudFix
2. DSS main and extra
3. HijackThis report.

Not sure if the order is right. I'm computer illiterate. Please be patient with me ;-)

I'm awaiting further instructions

Thanks in advance.

Jaco

HERE GOES

1. SmitFraudFix v2.212

Scan done at 11:10:41.12, Wed 08/15/2007
Run from C:\Documents and Settings\Jaco\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\duocore.dll FOUND !
C:\WINDOWS\wmpconf.dll FOUND !
C:\WINDOWS\wmpenv.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jaco


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jaco\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jaco\FAVORI~1

C:\DOCUME~1\Jaco\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideoAccessCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 85.255.114.38
DNS Server Search Order: 85.255.112.7

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 85.255.114.38
DNS Server Search Order: 85.255.112.7

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0796A603-31F7-4BAF-A5C1-91F5DFDB17D8}: DhcpNameServer=85.255.114.38,85.255.112.7
HKLM\SYSTEM\CCS\Services\Tcpip\..\{63E05391-0074-4700-B10F-CC458EDABB06}: NameServer=85.255.114.38,85.255.112.7
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E558FE0-2500-4468-A27D-36E33B963518}: NameServer=85.255.114.38,85.255.112.7
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer=85.255.114.38 85.255.112.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0796A603-31F7-4BAF-A5C1-91F5DFDB17D8}: DhcpNameServer=85.255.114.38,85.255.112.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{63E05391-0074-4700-B10F-CC458EDABB06}: NameServer=85.255.114.38,85.255.112.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E558FE0-2500-4468-A27D-36E33B963518}: NameServer=85.255.114.38,85.255.112.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer=85.255.114.38 85.255.112.7
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0796A603-31F7-4BAF-A5C1-91F5DFDB17D8}: DhcpNameServer=85.255.114.38,85.255.112.7
HKLM\SYSTEM\CS2\Services\Tcpip\..\{63E05391-0074-4700-B10F-CC458EDABB06}: NameServer=85.255.114.38,85.255.112.7
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7E558FE0-2500-4468-A27D-36E33B963518}: NameServer=85.255.114.38,85.255.112.7
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.38 85.255.112.7
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.38 85.255.112.7
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.114.38 85.255.112.7


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

2. Deckard's System Scanner v20070809.63
Run by Jaco on 2007-08-16 at 10:38:04
Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2007-08-16 02:38:19 UTC - RP329 - Deckard's System Scanner Restore Point
66: 2007-08-16 01:43:45 UTC - RP328 - Installed SUPERAntiSpyware Free Edition
65: 2007-08-15 04:22:29 UTC - RP327 - Restore Operation
64: 2007-08-15 03:18:22 UTC - RP326 - Deckard's System Scanner Restore Point
63: 2007-08-14 05:46:32 UTC - RP325 - System Checkpoint


-- First Restore Point --
1: 2007-05-18 04:17:38 UTC - RP263 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as Jaco.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:39:39 AM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Jaco\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Jaco.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Hi Net.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63E05391-0074-4700-B10F-CC458EDABB06}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E558FE0-2500-4468-A27D-36E33B963518}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {B359AC00-5118-4462-A14B-C45FC5CDD0BA} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {1EE9A7CA-DD74-4747-B0C2-2DBE08F7FDD4} - C:\WINDOWS\wmpconf.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 AEXPAM (Philips SmartManage Service) - c:\windows\system32\drivers\aexpamdrv.sys <Not Verified; Philips Consumer Electronics Co.; Philips SmartManage>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 snpstd (LG Web_Camera) - c:\windows\system32\drivers\snpstd.sys <Not Verified; ; PC Camera driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-07-10 16:58:01 512 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Jaco at 3 56 PM.job


-- Files created between 2007-07-16 and 2007-08-16 -----------------------------

2007-08-16 09:44:17 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-16 09:43:49 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-16 09:43:49 0 d-------- C:\Documents and Settings\Jaco\Application Data\SUPERAntiSpyware.com
2007-08-16 09:43:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-15 12:22:45 0 d-------- C:\Program Files\VideoAccessCodec
2007-08-15 11:17:15 6578176 --a------ C:\Documents and Settings\Jaco\ntuser.dat
2007-08-15 11:17:14 679936 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-08-15 11:11:29 4230 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-15 11:10:05 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-15 11:10:04 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-15 11:10:04 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-14 13:07:21 0 --a------ C:\Documents and Settings\Jaco\core
2007-08-12 14:16:44 200704 --a------ C:\WINDOWS\wmpenv.dll <Not Verified; ; IEXPLORE>
2007-08-12 14:16:44 221184 --a------ C:\WINDOWS\wmpconf.dll
2007-08-12 14:16:39 188416 --a------ C:\WINDOWS\duocore.dll <Not Verified; ; BhoNew Module>
2007-08-10 00:45:30 219136 --a------ C:\WINDOWS\system32\unicows.dll <Not Verified; Microsoft Corporation; Microsoft ® Windows ® 95, Windows ® 98, and Windows ® Millennium Operating Systems>
2007-08-10 00:45:29 53248 --a------ C:\WINDOWS\system32\dsnpstd.dll
2007-08-10 00:45:12 367488 --a------ C:\WINDOWS\system32\drivers\snpstd.sys <Not Verified; ; PC Camera driver>
2007-08-10 00:44:55 36864 --a------ C:\WINDOWS\system32\vsnpstd.dll
2007-08-10 00:44:55 61440 --a------ C:\WINDOWS\system32\rsnpstd.dll <Not Verified; ; ResourceDLL>
2007-08-10 00:44:55 61440 --a------ C:\WINDOWS\system32\csnpstd.dll <Not Verified; ; InstallUtil>
2007-08-10 00:44:40 20480 --a------ C:\WINDOWS\usnpstd.exe <Not Verified; ; DelHwKey Application>
2007-08-10 00:44:40 0 d-------- C:\Program Files\Common Files\snpstd
2007-08-08 21:55:38 0 d-------- C:\Program Files\Common Files\Skype
2007-08-08 01:38:11 0 d-------- C:\Program Files\CamView
2007-08-08 01:29:09 53248 --a------ C:\WINDOWS\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.0 Sample>
2007-08-08 01:29:08 286720 --a------ C:\WINDOWS\vsnpstd.exe <Not Verified; ; CameraMonitor Application>
2007-08-05 00:54:01 0 d------c- C:\Documents and Settings\All Users\Application Data\Google
2007-07-31 06:33:27 0 d-------- C:\Documents and Settings\Jaco\Shared
2007-07-31 06:33:01 0 d-------- C:\Documents and Settings\Jaco\Application Data\LimeWire


-- Find3M Report ---------------------------------------------------------------

2007-08-16 10:17:41 0 d-------- C:\Documents and Settings\Jaco\Application Data\Skype
2007-08-16 09:43:11 0 d-------- C:\Program Files\Common Files
2007-08-10 00:42:40 0 d-------- C:\Program Files\Common Files\Logitech
2007-08-09 21:38:47 0 d-------- C:\Program Files\Logitech
2007-08-09 10:59:47 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-08-09 10:33:53 0 d-------- C:\Program Files\Picasa2
2007-08-09 10:21:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-10 15:56:49 0 d-------- C:\Program Files\Common Files\Scanner
2007-07-10 15:56:49 0 d-------- C:\Program Files\CA
2007-07-07 22:09:35 0 d-------- C:\Program Files\MSXML 4.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}]
08/11/2007 11:00 PM 188416 --a------ C:\WINDOWS\duocore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [01/07/2005 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [01/07/2005 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [01/07/2005 08:00 AM]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [07/09/2001 06:50 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [07/12/2002 02:03 AM]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/2006 04:24 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/15/2006 09:04 PM]
"SoundMan"="SOUNDMAN.EXE" [08/15/2003 03:34 PM C:\WINDOWS\soundman.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [06/16/2007 07:15 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [05/25/2007 10:47 AM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [05/25/2007 10:45 AM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [06/15/2007 03:22 AM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [06/15/2007 03:22 AM]
"@"="" []
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [06/15/2007 03:22 AM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [06/15/2007 03:22 AM]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [06/10/2004 01:48 PM]
"CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [05/24/2007 03:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [01/07/2005 08:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [08/06/2007 12:43 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpenv"= {B359AC00-5118-4462-A14B-C45FC5CDD0BA} - C:\WINDOWS\wmpenv.dll [08/11/2007 11:00 PM 200704]
"wmpconf"= {1EE9A7CA-DD74-4747-B0C2-2DBE08F7FDD4} - C:\WINDOWS\wmpconf.dll [08/11/2007 11:00 PM 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 01/31/2007 03:00 PM 79368 C:\WINDOWS\system32\UmxWNP.dll

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL



-- End of Deckard's System Scanner: finished at 2007-08-16 at 10:44:03 ---------

Extra:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:06 AM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Hi Net.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63E05391-0074-4700-B10F-CC458EDABB06}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E558FE0-2500-4468-A27D-36E33B963518}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {B359AC00-5118-4462-A14B-C45FC5CDD0BA} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {1EE9A7CA-DD74-4747-B0C2-2DBE08F7FDD4} - C:\WINDOWS\wmpconf.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

3.Logfile of HijackThis v1.99.1
Scan saved at 10:27:06 AM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Hi Net.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63E05391-0074-4700-B10F-CC458EDABB06}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E558FE0-2500-4468-A27D-36E33B963518}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {B359AC00-5118-4462-A14B-C45FC5CDD0BA} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {1EE9A7CA-DD74-4747-B0C2-2DBE08F7FDD4} - C:\WINDOWS\wmpconf.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIP
  • 0

#2
jwbirdsong


    Trusted Helper

  • Retired Staff
  • 668 posts
Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

If you have internet connection problems then do the following:

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
  • 0

#3
cloudsuck


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Rorschach

Thanks for your time and quick response

The following reports


1. report.txt


Username "Jaco" - 2007-08-16 22:26:18 [Fixwareout edited 2007/07/05]

»»»»»Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.38 85.255.112.7" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{63E05391-0074-4700-B10F-CC458EDABB06}
"nameserver"="85.255.114.38,85.255.112.7" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7E558FE0-2500-4468-A27D-36E33B963518}
"nameserver"="85.255.114.38,85.255.112.7" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7E926810-BB20-4913-8D78-38150D7C2400}
"nameserver"="85.255.114.38" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0796A603-31F7-4BAF-A5C1-91F5DFDB17D8}
"DhcpNameServer"="85.255.114.38,85.255.112.7" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"SiS KHooker"="C:\\WINDOWS\\system32\\khooker.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"PicasaNet"="\"C:\\Program Files\\Hello\\Hello.exe\" -b"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SoundMan"="SOUNDMAN.EXE"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"
"capfasem"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfasem.exe"
"capfupgrade"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfupgrade.exe"
"QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.1.17.0\\QOELoader.exe\""
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"CaPPcl"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spyware\\CAAntiSpyware.exe /scan"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"VoipBuster"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

2. New Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 10:43:13 PM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Hi Net.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer = 85.255.114.38 85.255.112.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {B359AC00-5118-4462-A14B-C45FC5CDD0BA} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {1EE9A7CA-DD74-4747-B0C2-2DBE08F7FDD4} - C:\WINDOWS\wmpconf.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
  • 0

#4
jwbirdsong


    Trusted Helper

  • Retired Staff
  • 668 posts
You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix.

Open HijackThis and click on Do a system scan only. Place a check mark next to the following:

02 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\duocore.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer = 85.255.114.38 85.255.112.7
O21 - SSODL: wmpenv - {B359AC00-5118-4462-A14B-C45FC5CDD0BA} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {1EE9A7CA-DD74-4747-B0C2-2DBE08F7FDD4} - C:\WINDOWS\wmpconf.dll

Close ALL other open windows and programs and click Fix checked

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply. Also post a Combofix log (below)

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#5
cloudsuck

    Member

  • Topic Starter
  • Member
  • 14 posts
Hi Rorschach

Computer seems clean. Am I jumping the gun?

Here are the 2 reports you asked for.

Thank you.

Jaco

SmitFraudFix v2.212

Scan done at 17:06:02.62, Sun 08/19/2007
Run from C:\Documents and Settings\Jaco\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jaco


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jaco\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jaco\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 85.255.114.38
DNS Server Search Order: 85.255.112.7

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer=85.255.114.38 85.255.112.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer=85.255.114.38 85.255.112.7


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

ComboFix 07-08-14.4 - "Jaco" 2007-08-19 15:20:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.153 [GMT 8:00]
* Created a new restore point



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\WINDOWS\dat.txt
C:\WINDOWS\wmpconf.dll
C:\WINDOWS\wmpenv.dll


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-19 15:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 22:26 7,770 --a--c--- C:\dnsbak.reg
2007-08-16 09:44 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-16 09:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-16 09:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 09:43 <DIR> d-------- C:\DOCUME~1\Jaco\APPLIC~1\SUPERAntiSpyware.com
2007-08-15 11:17 679,936 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-08-15 11:17 6,578,176 --a------ C:\DOCUME~1\Jaco\ntuser.dat
2007-08-15 11:16 <DIR> d----c--- C:\Deckard
2007-08-15 11:11 4,230 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-15 11:10 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-15 11:10 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-15 11:10 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-10 00:45 53,248 --a------ C:\WINDOWS\system32\dsnpstd.dll
2007-08-10 00:45 367,488 --a------ C:\WINDOWS\system32\drivers\snpstd.sys
2007-08-10 00:45 219,136 --a------ C:\WINDOWS\system32\unicows.dll
2007-08-10 00:44 61,440 --a------ C:\WINDOWS\system32\rsnpstd.dll
2007-08-10 00:44 61,440 --a------ C:\WINDOWS\system32\csnpstd.dll
2007-08-10 00:44 36,864 --a------ C:\WINDOWS\system32\vsnpstd.dll
2007-08-10 00:44 20,480 --a------ C:\WINDOWS\usnpstd.exe
2007-08-10 00:44 <DIR> d-------- C:\Program Files\Common Files\snpstd
2007-08-08 21:55 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-08 01:38 <DIR> d-------- C:\Program Files\CamView
2007-08-08 01:29 53,248 --a------ C:\WINDOWS\amcap.exe
2007-08-08 01:29 286,720 --a------ C:\WINDOWS\vsnpstd.exe
2007-08-05 16:55 879,832 --a--c--- C:\WINDOWS\system32\drivers\vetefile.sys
2007-08-05 16:55 108,360 --a--c--- C:\WINDOWS\system32\drivers\veteboot.sys
2007-08-05 00:54 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-31 06:33 <DIR> d-------- C:\DOCUME~1\Jaco\Shared
2007-07-31 06:33 <DIR> d-------- C:\DOCUME~1\Jaco\APPLIC~1\LimeWire


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-19 15:29 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-08-19 15:29 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-08-19 15:29 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-08-19 15:29 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-08-19 15:29 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-08-19 15:29 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-08-19 15:29 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-08-19 15:29 136574 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-08-19 15:13 --------- d-------- C:\DOCUME~1\Jaco\APPLIC~1\Skype
2007-08-10 00:42 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-09 21:38 --------- d-------- C:\Program Files\Logitech
2007-08-09 10:59 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-09 10:33 --------- d-------- C:\Program Files\Picasa2
2007-08-09 10:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-10 15:56 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-10 15:56 --------- d-------- C:\Program Files\CA
2007-07-07 22:09 --------- d-------- C:\Program Files\MSXML 4.0
2007-05-28 16:21 256784 --a------ C:\WINDOWS\system32\UmxSbxw.dll
2007-05-28 16:21 117520 --a------ C:\WINDOWS\system32\UmxSbxExw.dll
2007-05-25 10:46 75280 --a------ C:\WINDOWS\system32\isafprod.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2005-01-07 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2005-01-07 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2005-01-07 08:00]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 18:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-12 02:03]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-15 21:04]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 15:34 C:\WINDOWS\soundman.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 07:15]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-05-25 10:47]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-25 10:45]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-06-15 03:22]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-06-15 03:22]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-06-15 03:22]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [2007-06-15 03:22]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [2007-05-24 15:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-07 08:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 15:00 79368 C:\WINDOWS\system32\UmxWNP.dll

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-10 08:58:01 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Jaco at 3 56 PM.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 15:33:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 15:47:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-19 15:47

--- E O F ---
  • 0

#6
jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts

Am I jumping the gun?

A little bit, but not by much.

First I need to apologize to you and Rorschach.

When I 1st replied to you I was not at home on my computer and did not have access to my tools and speeches. I needed the Fixwareout speech and ran across Rorschach's thread, so I just "borrowed" his. I didn't realize I had cut/pasted his name also.

You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix.

Open HijackThis and click on Do a system scan only. Place a check mark next to the following (if they are still there):

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer = 85.255.114.38 85.255.112.7
O21 - SSODL: wmpenv - {B359AC00-5118-4462-A14B-C45FC5CDD0BA} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {1EE9A7CA-DD74-4747-B0C2-2DBE08F7FDD4} - C:\WINDOWS\wmpconf.dll

Close ALL other open windows and programs and click Fix checked.

Clean your Cache and Cookies in IE:
Go to Control Panel > Internet Options > General tab.
Click the "Delete Cookies" button and then the "Delete Files" button next to it.
When prompted, place a check in: "Delete all offline content",
(You will have to re-enter passwords at websites that require them.)
Click OK

Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a fresh HijackThis log

  • 0

#7
cloudsuck

    Member

  • Topic Starter
  • Member
  • 14 posts
No need to apologize!


Sorry, I did not get your name?


"Once you are on the Panda site click the Scan your PC button"

Nothing happens when I click this button. Please advise

In the meantime here is a fresh Hijackthis Log



Logfile of HijackThis v1.99.1
Scan saved at 12:45:11 AM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Hi Net.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer = 85.255.114.38 85.255.112.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
  • 0

#8
jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts
There is the one persistent O17 line in the HJT log...
Re-run Fixwareout as in post 2

Then try a different online scan... Panda CAN be fairly quirky sometimes.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
When done post the Kaspersky log and a fresh HijackThis log and the fixwareout report.
  • 0
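The persistent O17 entry discussed in this thread can be tracked across successive logs mechanically. The Python sketch below is an added example, not part of the original posts and not code from HijackThis or SmitfraudFix; the function names are hypothetical, the flagged range comes from the SmitfraudFix warning "85.255.x.x detected", and the sample text is excerpted from the logs posted above.

```python
import ipaddress
import re

# Range taken from the SmitfraudFix warning in this thread ("85.255.x.x detected").
FLAGGED_NETWORKS = [ipaddress.ip_network("85.255.0.0/16")]

# Matches the HijackThis O17 form and the SmitfraudFix DNS-section form, e.g.
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d e.f.g.h
#   HKLM\SYSTEM\CS1\Services\Tcpip\..\{GUID}: NameServer=a.b.c.d e.f.g.h
NAMESERVER_RE = re.compile(
    r"HKLM\\System\\(?P<cset>[A-Za-z0-9]+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}):\s*NameServer\s*=\s*(?P<servers>.+)$",
    re.IGNORECASE,
)

# Excerpts copied from the logs posted in this thread.
SMITFRAUDFIX_0819 = r"""
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer=85.255.114.38 85.255.112.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer=85.255.114.38 85.255.112.7
"""
HIJACKTHIS_0820 = r"""
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer = 85.255.114.38 85.255.112.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""


def parse_nameserver_entries(log_text):
    """Return one dict per per-interface NameServer line found in a log."""
    entries = []
    for line in log_text.splitlines():
        match = NAMESERVER_RE.search(line.strip())
        if not match:
            continue
        servers = []
        for token in re.split(r"[,\s]+", match.group("servers").strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # ignore anything that is not an IP address
        entries.append({
            "control_set": match.group("cset").upper(),
            "interface": match.group("guid").upper(),
            "servers": servers,
        })
    return entries


def flagged_entries(entries, networks=FLAGGED_NETWORKS):
    """Return (control_set, interface, [flagged IPs]) for entries using a flagged resolver."""
    hits = []
    for entry in entries:
        bad = [
            ip for ip in entry["servers"]
            if any(ip.version == net.version and ip in net for net in networks)
        ]
        if bad:
            hits.append((entry["control_set"], entry["interface"], bad))
    return hits


def persistent_hijacks(logs):
    """Given ordered (label, text) logs, return (interface, ip) pairs flagged in every log.

    Control sets are ignored here so that the CCS and CS1 views of the same
    interface count as one setting.
    """
    per_log = []
    for _label, text in logs:
        seen = set()
        for _cset, guid, bad in flagged_entries(parse_nameserver_entries(text)):
            for ip in bad:
                seen.add((guid, str(ip)))
        per_log.append(seen)
    return sorted(set.intersection(*per_log)) if per_log else []


if __name__ == "__main__":
    logs = [("SmitfraudFix 08/19", SMITFRAUDFIX_0819), ("HijackThis 8/20", HIJACKTHIS_0820)]
    for label, text in logs:
        for cset, guid, bad in flagged_entries(parse_nameserver_entries(text)):
            print(f"{label}: {cset} {guid} -> {', '.join(map(str, bad))}")
    for guid, ip in persistent_hijacks(logs):
        print(f"still present in every log: {guid} {ip}")
```

Feeding each new log into `persistent_hijacks` gives an empty list once the interface's NameServer value no longer points into the flagged range.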

#9
cloudsuck

    Member

  • Topic Starter
  • Member
  • 14 posts
"Please do an online scan with Kaspersky WebScanner"

Kaspersky also seems quirky. I don't get further than the Privacy Statement. Any other suggestions?
  • 0

#10
cloudsuck

    Member

  • Topic Starter
  • Member
  • 14 posts
I googled online scanners and I thought this might also work.

3 Reports
- Ewido report
- Fresh hijackthis log
- fixware report

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net

__________________________________________________


Name: Adware.Generic
Path: HKU\S-1-5-21-117609710-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.7:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.18:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.19:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.20:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.21:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.22:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.23:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.24:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.25:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.26:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.27:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.28:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.29:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.30:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.68:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.69:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.70:C:\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\30fshzbg.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.233:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.234:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.235:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.236:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.237:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.238:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.239:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.246:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: :mozilla.250:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: :mozilla.251:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bfast
Path: :mozilla.263:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: :mozilla.266:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.269:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.270:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.271:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.272:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.273:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.274:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.282:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.284:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.285:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.286:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.287:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adobe
Path: :mozilla.290:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.296:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: :mozilla.306:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Paypal
Path: :mozilla.313:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.331:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.333:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.334:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.335:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.337:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.338:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.339:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.344:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.345:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.346:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.347:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.348:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.349:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.350:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.351:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.384:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.401:C:\Documents and Settings\Jaco\My Documents\Documents

#11
jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts
That's fine if you can post (or attach) all of the logs...

Use as many posts as it takes.

#12
cloudsuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ewido report (continued)

Name: TrackingCookie.Mediaplex
Path: :mozilla.401:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: :mozilla.416:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.417:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.430:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.437:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.438:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Clickhype
Path: :mozilla.444:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Clickhype
Path: :mozilla.445:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Com
Path: :mozilla.463:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Com
Path: :mozilla.464:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Com
Path: :mozilla.465:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: :mozilla.475:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.496:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: :mozilla.497:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.498:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.499:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.572:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: :mozilla.573:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.594:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.595:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.596:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.597:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.598:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.599:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.600:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.601:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.602:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.603:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.604:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.605:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.606:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.607:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.608:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.609:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.610:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.611:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.612:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.613:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.614:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.615:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.616:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.617:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.618:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.619:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.664:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.665:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hypertracker
Path: :mozilla.733:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.778:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.790:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Paycounter
Path: :mozilla.817:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pro-market
Path: :mozilla.845:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: :mozilla.862:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.877:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: :mozilla.896:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: :mozilla.897:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Cqcounter
Path: :mozilla.899:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.938:C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Application Data\Mozilla\Firefox\Profiles\j6q1dooo.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Cookies\[email protected][1].txt
Risk: Medium

Name: Adware.180Solutions
Path: C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\res1E1.tmp
Risk: Medium

Name: Adware.180Solutions
Path: C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\res1E8.tmp/clientax.dll
Risk: Medium

Name: Adware.180Solutions
Path: C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\res1E8.tmp/clientax.dll
Risk: Medium

Name: Adware.180Solutions
Path: C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\res1EA.tmp
Risk: Medium

Name: Not-A-Virus.Exploit.HTML.CodeBaseExec
Path: C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LURCXIB\send_ocx_sof[1].htm
Risk: Low

Name: Not-A-Virus.Exploit.HTML.CodeBaseExec
Path: C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5U349EN\send_car_int[1].htm
Risk: Low

Name: Downloader.Swizzor.af
Path: C:\Documents and Settings\Jaco\My Documents\software\工具包-20040119\MsgPlus-254.exe/70000011.exe
Risk: High

Name: Trojan.P2E.cl
Path: C:\Documents and Settings\Jaco\My Documents\WINDOWS\eg_auth_1049.dll
Risk: High

Name: Trojan.P2E.cl
Path: C:\Documents and Settings\Jaco\My Documents\WINDOWS\p2esocks_1049.dll
Risk: High

Name: Adware.SurfAccuracy
Path: C:\Documents and Settings\Jaco\My Documents\WINDOWS\rmqthu.exe
Risk: Medium

Name: Trojan.P2E.cl
Path: C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\eg_auth_srv_1049.dll
Risk: High

Name: Downloader.Zlob.rh
Path: C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\hp7B0C.tmp
Risk: High

Name: Downloader.Zlob.mu
Path: C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\ld7A21.tmp
Risk: High

Name: Dialer.EGroup.u
Path: C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\sysiasvc32.dll
Risk: High

Name: Trojan.DNSChanger.jb
Path: C:\System Volume Information\_restore{02927FC1-A45F-4356-B739-1AD2E65289A0}\RP278\A0037540.exe
Risk: High

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 11:19:33 AM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Hi Net.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E926810-BB20-4913-8D78-38150D7C2400}: NameServer = 85.255.114.38 85.255.112.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

fixwareout report

Username "Jaco" - 2007-08-20 1:18:23 [Fixwareout edited 2007/07/05]

»»»»»Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7E926810-BB20-4913-8D78-38150D7C2400}
"nameserver"="85.255.114.38" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"SiS KHooker"="C:\\WINDOWS\\system32\\khooker.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"PicasaNet"="\"C:\\Program Files\\Hello\\Hello.exe\" -b"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SoundMan"="SOUNDMAN.EXE"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"
"capfasem"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfasem.exe"
"capfupgrade"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfupgrade.exe"
"QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.1.17.0\\QOELoader.exe\""
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"CaPPcl"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spyware\\CAAntiSpyware.exe /scan"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"VoipBuster"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

#13
jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\
    C:\Documents and Settings\Jaco\My Documents\software\工具包-20040119\MsgPlus-254.exe/70000011.exe
    C:\Documents and Settings\Jaco\My Documents\WINDOWS\eg_auth_1049.dll
    C:\Documents and Settings\Jaco\My Documents\WINDOWS\p2esocks_1049.dll
    C:\Documents and Settings\Jaco\My Documents\WINDOWS\rmqthu.exe
    C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\eg_auth_srv_1049.dll
    C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\hp7B0C.tmp
    C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\ld7A21.tmp
    C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\sysiasvc32.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

Post a fresh HijackThis also.
How's the computer running now?

#14
cloudsuck

    Member

  • Topic Starter
  • Member
  • 14 posts
Computer seems fine. No more pop-ups since a few days ago. I'm really very grateful.

The following files you requested:

Moveit

C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\{d671ddcb-ab8f-4307-83f5-c493ff93dd01} moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\{B020C4E5-4331-4803-B4D7-DD04BEA2F792}\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538} moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\{B020C4E5-4331-4803-B4D7-DD04BEA2F792} moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\{AC76BA86-1033-0000-7760-000000000002} moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Zango moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\yaco\yaco moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\yaco moved successfully.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx9 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx8 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx7 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx6 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx5 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx4 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx3 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx2 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx18 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx17 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx16 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx15 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx14 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx11 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\xx10 scheduled to be moved on reboot.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\WebshotsTemp moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\VBE moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\undo7 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\undo6 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\undo5 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\undo4 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\undo3 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\undo2 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\undo1 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\undo0 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Quest3D0 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\plugtmp-3 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\plugtmp-2 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\plugtmp-1 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\plugtmp moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Picasa2\Picasa filecheck moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Picasa2 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\outlook logging moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\OfficeUpdate moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\NAILogs moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\msohtml11 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\msohtml1 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\msohtml moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\kmtemp moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ImInstaller\IncrediMail moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ImInstaller moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\hsperfdata_Jaco moved successfully.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\FW___ scheduled to be moved on reboot.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ff_temp moved successfully.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\DkUSSave scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\DkLiSave scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\DkLFeSave scheduled to be moved on reboot.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Cddb\11054336 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Cddb moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Adobe\Designer moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Adobe\Acrobat moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Adobe moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\Acrobat Distiller 7 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ABCHtml7 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ABCHtml6 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ABCHtml5 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ABCHtml4 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ABCHtml3 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ABCHtml2 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ABCHtml1 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp\ABCHtml0 moved successfully.
C:\Documents and Settings\Jaco\My Documents\Documents and Settings\Jaco\Local Settings\Temp moved successfully.
File/Folder C:\Documents and Settings\Jaco\My Documents\software\???-20040119\MsgPlus-254.exe/70000011.exe not found.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\eg_auth_1049.dll unregistered successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\eg_auth_1049.dll moved successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\p2esocks_1049.dll unregistered successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\p2esocks_1049.dll moved successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\rmqthu.exe moved successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\eg_auth_srv_1049.dll unregistered successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\eg_auth_srv_1049.dll moved successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\hp7B0C.tmp moved successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\ld7A21.tmp moved successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\sysiasvc32.dll unregistered successfully.
C:\Documents and Settings\Jaco\My Documents\WINDOWS\system32\sysiasvc32.dll moved successfully.

Created on 08/23/2007 07:46:37

hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 9:56:49 AM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Hi Net.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

#15
jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts
Good job, your log is clean.

You can delete the Fixwareout folder/files now.
You can also click the CleanUp button on OTMoveIt.

First, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

You also NEED to update your Java...follow guidelines HERE

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpywareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

More info and download is available at links in the following article by TonyKlein

Make SURE to read How Did I Get Infected in the First Place??