Anything I Need to be aware of?

[cshs81]

I ran ad-aware, spybot, cleanup!, and ewido prior to the following HJT log

Logfile of HijackThis v1.99.1
Scan saved at 3:03:17 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jazzercise.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.easysite.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - http://www.easysite.com/controls/ImgXTwain61.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - http://www.easysite.com/controls/ImgXDialog61.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141614964793
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl (CAB)) - http://www.easysite.com/controls/ImgX61.CAB
O16 - DPF: {912FB007-DD9A-11D3-BD8D-DAAFCB8D9378} (VideoCapX Control) - http://www.easysite.com/Controls/VideoCapX.CAB
O16 - DPF: {E22CCE14-B7AC-11D1-A1C2-444553540000} (ChadoSpellText.SpellText) - http://www.easysite.com/controls/ChadoSpellText.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.easysite.com/controls/XUpload.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Your help is appreciated.

[suebaby41]

Welcome to the Tech Support Forums. Please post the two text files, main.txt and extra.txt produced by theDeckard's System Scanner (formerly Comboscan) as instructed in IMPORTANT - Read This Before Posting A Log.

Deckard's System Scanner gives us additional information. Thank you for your patience.

We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources, both yours and ours. Every Analyst will work in a different way. If you have already posted at another Forum, please advise us, or them, and choose just one.

During the cleaning process, if any other issues appear, please let us know.

[cshs81]

Deckard's System Scanner v20070602.46
Run by Owner on 2007-06-03 at 20:10:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
42: 2007-06-04 00:10:14 UTC - RP510 - Deckard's System Scanner Restore Point
41: 2007-06-03 15:17:15 UTC - RP509 - System Checkpoint
40: 2007-06-02 15:03:38 UTC - RP508 - System Checkpoint
39: 2007-06-01 14:14:20 UTC - RP507 - System Checkpoint
38: 2007-05-31 13:28:11 UTC - RP506 - System Checkpoint


-- First Restore Point --
1: 2007-04-29 13:16:04 UTC - RP469 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:11:40 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\My Documents\Maint Routines\dss.exe
C:\DOCUME~1\Owner\Desktop\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jazzercise.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.easysite.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - http://www.easysite.com/controls/ImgXTwain61.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - http://www.easysite.com/controls/ImgXDialog61.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141614964793
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl (CAB)) - http://www.easysite.com/controls/ImgX61.CAB
O16 - DPF: {912FB007-DD9A-11D3-BD8D-DAAFCB8D9378} (VideoCapX Control) - http://www.easysite.com/Controls/VideoCapX.CAB
O16 - DPF: {E22CCE14-B7AC-11D1-A1C2-444553540000} (ChadoSpellText.SpellText) - http://www.easysite.com/controls/ChadoSpellText.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.easysite.com/controls/XUpload.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\HIJACK~1\backups\) ------

backup-20060305-135445-346 O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>

S3 iscFlash - c:\windows\system32\drivers\iscflash.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 QCMerced (Logitech QuickCam Communicate) - c:\windows\system32\drivers\lvcm.sys (file missing)
S3 SAUSBHW (%SAUSBHW.SvcDesc%) - c:\windows\system32\drivers\sausb.sys <Not Verified; ; USB Reader>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NMSSvc (Intel(R) NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-02 18:59:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-05-03 and 2007-06-03 -----------------------------

2007-05-09 03:07:02 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


-- Find3M Report ---------------------------------------------------------------

2007-06-02 11:16:24 0 d-------- C:\Program Files\ewido anti-malware
2007-05-31 23:37:59 6685 --a------ C:\WINDOWS\mozver.dat
2007-05-27 15:43:44 0 d-------- C:\Program Files\Napster
2007-05-22 21:55:57 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-05-19 23:29:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-11 22:33:06 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-11 22:30:47 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-04-11 21:17:09 542 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini
2007-04-11 21:15:57 1167 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2007-04-04 07:19:52 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ C:\WINDOWS\warnhp.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NMSCFG


-- End of Deckard's System Scanner: finished at 2007-06-03 at 20:12:23 ---------


Deckard's System Scanner v20070602.46
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.00GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 253.8 MiB / 65.73 MiB
Pagefile Memory (total/avail): 624.83 MiB / 356.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1976.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.28 GiB total, 24.15 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.0.337.000 (Check Point, LTD.)
AV: AVG 7.5.472 v7.5.472 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FAMILY-G0VYZ3E9
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\FAMILY-G0VYZ3E9
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=FAMILY-G0VYZ3E9
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
GREG (admin)
Ryan (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CACA4016-6B3D-460F-A9E8-767CE6E9D1D1}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Backyard Baseball 2003 --> C:\PROGRA~1\INFOGR~1\BACKYA~1\UNWISE.EXE C:\PROGRA~1\INFOGR~1\BACKYA~1\INSTALL.LOG
Baseball Statistics System --> MsiExec.exe /I{4EBC70EA-CF89-461F-89DE-A806D616CDB9}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Combo Digital Film Reader USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA4CD4BA-7DD4-4527-815D-04805B1865AC}\Setup.exe"
Digital Blue(tm) PC Digital Movie Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1FCD24B-73FD-11D6-A14B-00105AC953E9}\Setup.exe" -l0x9
ENUFF PC --> C:\WINDOWS\_ENREM.EXE
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B5E306B-FE18-4585-B493-61A7CF9C162E}\setup.exe" -l0x9
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 1.99.1 --> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
Inspire Chat --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.hiprelay.com/IS/InspireChat.jnlp"
Intel(R) 845G Chipset Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
Intel(R) PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kaspersky On-line Scanner --> C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe
LimeWire 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MailWasher Free --> "C:\Program Files\MailWasher\unins000.exe"
Microsoft Office Access 2003 Runtime --> MsiExec.exe /I{901C0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Move Networks Player for Firefox --> "C:\PROGRA~1\MOZILL~1\plugins\unins000.exe"
Mozilla Firefox (1.5.0.12) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Netscape Browser (remove only) --> "C:\Program Files\\Netscape\\Netscape Browser\NSUninst.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{924EAD66-F854-4605-8493-696DD59A113B}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TaxACT 2006 --> C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
TaxACT Kentucky 2006 --> C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unst06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\KY.log
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL"
World Book Millennium 2000 --> "C:\Program Files\WB00d1se\Wbuninst.exe" C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\WB00d1se\DeIsL1.isu
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2007-06-03 at 20:12:23 ---------



Thanks.

[suebaby41]

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 1

I noticed that you have some programs that need to be updated.

Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..

• Close any programs you may have running, ESPECIALLY your web browser
• Click Start > Control Panel.
• Click Add/Remove Programs.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove all versions of Java.
• Reboot your computer after all Java components are removed.

Please download the latest Java Runtime Environment.

• Scroll down to where it says Java Runtime Environment (JRE) 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
• Click the Download button to the right.
• Check the box that says: Accept License Agreement.
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• On your desktop, double-click on jre-6-windows-i586.exe to install the newest version.

After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on the Verify Installation button on the JAVA SOFTWARE MANUAL DOWNLOAD page.

Your "Adobe Reader" is out of date.
You may want to download the latest version, Adobe® Reader® 8.

Step 2

Please place HijackThis into ITS OWN PERMANANT FOLDER.

1. You can do this by going to My Computer (Windows key+e).
2. Double click on C:
3. If the folder is hidden, click on show the contents of this folder.
4. Right-click on a blank space in the right column and select New > Folder
5. Name it HJT (C:\HJT\HijackThis.exe
6. Move HijackThis.exe into this folder.
7. When you run HijackThis.exe from the [color=dark red]"C:\HJT"[/color] folder and have it Fixed checked, it will create a backup file of modifications to use which are easily accessible if restoring any files is necessary.

If needed, here are two tutorials, HijackThis Folder Tutorial and How to Download, Extract and Run HijackThis.

Step 3

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 4

Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.

Please uninstall Ewido.; it has been replaced by AVG Anti-Spyware.

To uninstall the Ewido.

1. Click Start > Control Panel.
2. In Control Panel, double-click Add or Remove Programs.
3. In Add or Remove Programs, highlight Ewido, click Remove.
4. Close the Add or Remove Programs and the Control Panel windows.
5. Using Windows Explorer (Windows key+e), search for the Ewido folder. If the program folder is still there, select/highlight the Ewido folder. DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.
6. Close Windows Explorer.

Please download and install AVG Anti-Spyware (formerly Ewido).

• Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
• Install AVG Anti-Spyware by double clicking the installer.
• Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
• On the main screen under Your Computer's security:
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Click on Change state next to Automatic updates. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active Internet connection to perform this)
  • Wait until you see the Update successful message.
• Right-click the AVG Anti-Spyware Tray Icon. and uncheck Start with Windows.
• Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
• If you are having problems with the updater, you can use this link, AVG Anti-Spyware manual updates, to manually update AVG Anti-Spyware..
• Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Scan With AVG Anti-Spyware. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process.

• Close ALL open Windows / Programs / Folders. Reboot to Safe Mode (without networking support !) If you don’t know how to boot in Safe Mode, here is a tutorial, How To Start Windows in Safe Mode.
• Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All boxes should be checked.
    • Under Possibly unwanted software:
      • All boxes should be checked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
  IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)
• When done, click the Save Scan Report button. (4)
  • Click the Save Report as button.
  • Save the report to your Desktop.
• Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
• Reboot in Normal Mode.

Step 5

The ATF-Cleaner program is for XP and Windows 2000 only.
ATF-Cleaner features include:

• Cleaning of all user temp folders, administrator only can use this feature.
• Cleaning of the Java cache, which seems to be harboring more and more malware.
• Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.

Please download the ATF-Cleaner by Atribune.
Instructions:

• Double-click ATF-Cleaner.exe to run the program.
• Check the boxes to the left of:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch (Windows XP) only
  • Java Cache
• The rest are optional - if you want to remove them all, check Select All.
• Click the Empty Selected button.
• When you get the Done Cleaning message, click OK.

If you use the Firefox browser:

• Click Firefox at the top and choose: Select All.
• Click the Empty Selected button.
• When you get the Done Cleaning message, click OK.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser:

• Click Opera at the top and choose: Select All.
• Click the Empty Selected button.
• When you get the Done Cleaning message, click OK.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 6

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan Place checks next to the following entries (make sure not to miss any):

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.

You have RealPlayer running at Startup. This is RealPlayer's autoupdate program and is not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in RealPlayer itself to keep it from resetting itself. Item(s) to fix in HijackThis:

O4 ‑ HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" ‑osboot

IDriverT.exe (InstallShield- InstallDriver Table Manager) process can be removed to free up resources without compromising system performance. idrivert.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software. This program is not required to start automatically as you can start it manually if you need it. To change to Manual:

1. Right-click on My Computer and choose Manage.
2. Expand the Services and Applications section and click on Services.
3. On the right-side of the screen, find the entry for the service identified in the 023 line of HijackThis and double-click on it.
4. Change the Startup Type: to Manual.
5. Hit the OK button and close the Computer Management screen.

Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

ipodservice.exe is a process belonging to Apple's iTunes peer-to-peer download tool. The ipodservice.exe process is a utility used to download mp3 files for your iPod. If you do not use it, or do not have an iPod, you can safely disable this process. This process can be removed to free up resources without compromising system performance. It is advised that you disable this program so that it does not take up necessary resources. To disable ipodservice, click Start > Settings > Control Panel > Performance and Maintenance > Administrative Tools > Services. Find the IpodService, Right-click and select Properties. Change the setting in StartUp type: to Disabled or click Start > Run. Type services.msc Find the IpodService, Right-click and select Properties. Change the setting in StartUp type to Disabled to disable the service. Item(s) to fix in HijackThis:
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

If you did not add the listed domain to the Trusted Zones yourself, have HijackThis fix it.

O15 - Trusted Zone: *.easysite.com

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 7

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 8

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the logs from AVG Anti-Spyware and the list of filenames and locations for any files that can’t be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.

[cshs81]

Logfile of HijackThis v1.99.1
Scan saved at 10:37:00 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jazzercise.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.easysite.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - http://www.easysite.com/controls/ImgXTwain61.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - http://www.easysite.com/controls/ImgXDialog61.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141614964793
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl (CAB)) - http://www.easysite.com/controls/ImgX61.CAB
O16 - DPF: {912FB007-DD9A-11D3-BD8D-DAAFCB8D9378} (VideoCapX Control) - http://www.easysite.com/Controls/VideoCapX.CAB
O16 - DPF: {E22CCE14-B7AC-11D1-A1C2-444553540000} (ChadoSpellText.SpellText) - http://www.easysite.com/controls/ChadoSpellText.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.easysite.com/controls/XUpload.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:11:18 PM 6/15/2007

+ Scan result:



C:\System Volume Information\_restore{705C879F-75A0-45FC-9B6A-895CFE66702B}\RP494\A0110102.exe -> Adware.180Solutions : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.212:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.213:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-1.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.249:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.250:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.251:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.214:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Live : Cleaned.
:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Live : Cleaned.
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Live : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@guide.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@real[1].txt -> TrackingCookie.Real : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\aii6y7kj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.239:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.240:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.241:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.230:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookiesnew.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\my8b1sqy.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

[suebaby41]

HijackThis is an analysis AND a repair tool. When you fix something in HijackThis, you are deleting a bad entry in the Windows Registry. In case of a mistake being made, there is a reversal for line entry deletions. HijackThis creates a new file which is a backup log of changes and you can reverse the line entry deletion. BUT...HijackThis needs a safe folder to keep these critical backup logs and if you save HijackThis to your desktop, you may easily lose track of the backup log in the wallpaper area (or someone might delete the backup file by dragging it to the Recycle Bin).

Please place HJT into ITS OWN PERMANANT FOLDER. It also needs to be removed from the desktop.

1. You can do this by going to My Computer (Windows key+e).
2. Double click on C:
3. If the folder is hidden, click on show the contents of this folder.
4. Right-click on a blank space in the right column and select New > Folder
5. Name it HJT (C:\HJT\HijackThis.exe)
6. Move HijackThis.exe into this folder.
7. When you run HijackThis.exe from the "C:\HJT" folder and have it Fixed checked, it will create a backup file of modifications to use which are easily accessible if restoring any files is necessary.
8. If required, a tutorial is here = HijackThis Folder Tutorial and How to Download, Extract and Run HijackThis.

Your log appears to be clean. Please advise me of any problems you still have. Please respond to this thread one more time so we can mark this thread as resolved. Thanks.

Tools Downloaded To Clean Your Computer

I asked you to install some tools. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:

1. Click Start > Control Panel.
2. In Control Panel, double-click Add or Remove Programs.
3. In Add or Remove Programs, highlight the program, click Remove.
4. Close the Add or Remove Programs and the Control Panel windows.

Optional Tools:

1. Ad-Aware SE Personal Edition scans, detects, and removes spyware on your computer.
2. ATF-Cleaner features include:
   • Cleaning of all user temp folders, administrator only can use this feature.
   • Cleaning of the Java cache, which seems to be harboring more and more malware.
   • Cleaning the cache, cookies, history, download history, visited links and saved passwords.
3. AVG Anti-Spyware is a good scanner to use. This will auto update for the trial period of 30 days. Afterwards, you will need to update manually before scanning. Scan weekly if you have high Internet use.
4. HijackThis may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.

Restore the default settings for files/folders.

1. Go to My Computer.
2. Select the Tools menu and click Folder Options.
3. Click the View tab.
4. Under Advanced Settings, click the Restore Defaults button in the lower right corner.
5. Click Apply and then the OK and close My Computer.

Please take the time to read my All Clean Post. .

Please follow these simple steps in order to keep your computer clean and secure:

1. Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function For Windows XP.
   Files placed in the System volume information folder are source files for the System Restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
   1. Close all open programs. Then right-click My Computer on the Windows desktop
   2. Click on Properties.
   3. Click on the System Restore tab.
   4. Check Turn off System Restore on all drives.
   5. Restart the system.
   6. Enable System Restore by going through the first four steps again and uncheck the item mentioned in Step D.
   7. You can find instructions on how to disable and enable system restore in the Windows XP System Restore Guide.
2. Make your Internet Explorer more secure: This can be done by following these simple instructions:
   1. From within Internet Explorer click on the Tools menu and then click on Options.
   2. Click once on the Security tab
   3. Click once on the Internet icon so it becomes highlighted.
   4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
   5. When all these settings have been made, click on the OK button.
   6. If it asks you if you want to save the settings, press the Yes button.
   7. Next press the Apply button and then the OK to exit the Internet Properties page.
3. Use IE-SPYAD: Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. Program is free and is updated about once a month. Please follow readme instructions for install; it is a little different. Single user PC use IE Spyad1. Multi user XP PC use IE Spyad2.
4. Use a Firewall: - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
   Computer Safety On line - Software Firewalls
5. Use An Antivirus Software and Keep It Updated: - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
   Computer Safety On line - Anti-Virus
6. Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
7. You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
   Using Spybot - Search & Destroy to remove Spyware from Your Computer
8. You should scan your computer with Ad-Aware as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
   Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
9. Install SpywareBlaster: SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
   Computer Safety on line Anti Malware
10. Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button on the task bar at the bottom of your screen
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then doubleclick it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click OK.
11. Use an alternative instant messenger program:.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
12. Please read Tony Klein's excellent article: How I got Infected in the First Place
13. Please read Understanding Spyware, Browser Hijackers, and Dialers
14. Please read Simple and easy ways to keep your computer safe and secure on the Internet.
15. If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera . Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (You can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed.), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and Special features such as Full-screen mode, Kiosk mode.
16. Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
17. If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.

Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!

[cshs81]

Quote:

Originally Posted by suebaby41

Please follow these simple steps in order to keep your computer clean and secure:[list=1][*][color=blue]Disable and Enable System Restore.

I'm not clear as to when I should disable the system restore that you mention. After I run routines such as AFT? Ad-aware?

Please clarify for me.

Quote:

Use a Firewall:

Quote:

- I cannot stress how important it is that you use a Firewall on your computer.

I use the free version of Zone Alarm. Is that sufficient?

[cshs81]

Quote:

Originally Posted by suebaby41

Please take the time to read my All Clean Post. [/b][/color].

One more question. Is your "all clean post" something outside of this thread?

[suebaby41]

Quote:

One more question. Is your "all clean post" something outside of this thread?

Please take the time to read my All Clean Post is the beginning of my All Clean Post.

Quote:

I'm not clear as to when I should disable the system restore that you mention. After I run routines such as AFT? Ad-aware?

Please clarify for me.

We suggest that after we finish cleaning your log, you disable and enable System Restore. This makes sure that you do not try to use the System Restore point that includes all the malware.

Quote:

I use the free version of Zone Alarm. Is that sufficient?

Yes.

[cshs81]

One last question - would anything I ran caused me to have problems with downloading songs through Napster? I download quite often but the first time I tried after applying these fixes, I had a problem - Napster did not recognize my PC.

Could be a coincidence.

[suebaby41]

Nothing that we did should have caused any problems with Napster. Try uninstalling and reinstalling Napster. Lots of times, programs get corrupted for some unknown reason.

[suebaby41]

This subject is now closed. If you need this topic reopened, please contact a member of the TSF Security Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic. Please reply to this thread. If your problem has been resolved, please let us know. Thanks.