Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

A few stubborn pests

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

A few stubborn pests

Unread postby JustinW » January 23rd, 2007, 5:41 pm

Logfile of HijackThis v1.99.1
Scan saved at 4:39:56 PM, on 1/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RUNDLL32.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\3com\Connection Assistant\bin\mpbtn.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\AOL\1128451242\ee\aolsoftware.exe
c:\program files\common files\aol\1128451242\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1128451242\ee\aolsoftware.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ytmnd.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = forbin.qc.edu:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: 3Com Connection Assistant.lnk = C:\Program Files\3com\Connection Assistant\bin\matcli.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &AOL Toolbar search - res://c:\program files\common files\aolcoach\en_en\player\plugin\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
JustinW
Regular Member
 
Posts: 35
Joined: January 23rd, 2007, 5:16 pm
Advertisement
Register to Remove

Unread postby Navigator » January 24th, 2007, 3:45 pm

Hello Justin...welcome to Malware Removal!

What particular 'stubborn pests' are you referring to? I do not see any particular malware in your HJT log...but I do see some things to look at/fix:

1. You seem to be running two AV programs... Avast and AOL/McAfee (I think that McAfee is part of the AOL security program)....

Running more than one AV program is not a good idea. Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

I would recommend that you choose one program to go forward with and remove the other.

2. Your Java is out of date

3. You have Party Poker on your system....

If you didn't install this or plan to use this I suggest it be uninstalled. Because in most cases, these programs are supported by malware, getting installed without asking permission, and also lead you to sites where malware is lurking. Of course, this is your call.

Let me know more specifically what problems you are having etc., and then we can go from there
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby JustinW » January 24th, 2007, 4:48 pm

Hmm, well I had AOL Spyware Protection that seems to be finding ISearch Toolbar, Smitfraud, and Ares.

I'm beginning to think that it's their program that's the problem.
JustinW
Regular Member
 
Posts: 35
Joined: January 23rd, 2007, 5:16 pm

Unread postby Navigator » January 24th, 2007, 5:54 pm

JustinW wrote:Hmm, well I had AOL Spyware Protection that seems to be finding ISearch Toolbar, Smitfraud, and Ares.

I'm beginning to think that it's their program that's the problem.


Possibly, but maybe it found them and removed them (though I doubt it removed smitfraud, and I do not see any evidence of it in your HJT log).

Do you want to keep Party Poker? Let me know, and then I'll come up with instructions for a general 'cleaning'.... :D
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby JustinW » January 24th, 2007, 6:02 pm

Hmmm, let's just get rid of it, I probably won't miss it!
JustinW
Regular Member
 
Posts: 35
Joined: January 23rd, 2007, 5:16 pm

Unread postby Navigator » January 24th, 2007, 6:04 pm

Let's do this:

1. First download AVG anti-spyware (previously Ewido) from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG anti-spyware, Do Not run a scan just yet, we will shortly.

2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Save it to your desktop, we will use it later.

3. Please re-open HiJackThis and choose scan only. Check the boxes next to all the entries listed below.

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll


Now close all windows other than HiJackThis, then click Fix Checked.

Reboot into safe mode by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Please remove these entries from Add/Remove Programs in the Control Panel(if present). Click start>>control panel>>add/remove programs:

Party Poker


5. Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

6. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG and reboot your system back into Normal Mode.

7. Update Java and Remove old Java Versions
  • Download the latest version of Java Runtime Environment (JRE) 6.<== scroll down the list to find THIS entry
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Remove older Java Versions:
  • Close any programs you may have running - especially your web browser.
  • Go to Start >> Control Panel double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
Install latest Java Version:
  • From your desktop, double-click on jre-6-windows-i586.exe to install the newest version.


8. Post the results of the AVG report scan and a new HJT log for me to review....
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby JustinW » January 24th, 2007, 7:05 pm

Hmmm, is there another way to get into safe mode? When I press f8, it has me select a boot device, but then just boots like normal.
JustinW
Regular Member
 
Posts: 35
Joined: January 23rd, 2007, 5:16 pm

Unread postby Navigator » January 24th, 2007, 8:40 pm

Hmmm...that sounds weird.

Try to boot into safe mode again, just try tapping F8 a little later in the boot up sequence...see if this will do it.

I'm going to do some other checking on this though...I'm not familiar with this problem.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby JustinW » January 25th, 2007, 3:48 am

Got it working:

Logfile of HijackThis v1.99.1
Scan saved at 2:44:52 AM, on 1/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Winamp\winampa.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinPortrait\floater.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\3com\Connection Assistant\bin\mpbtn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ytmnd.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = forbin.qc.edu:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: 3Com Connection Assistant.lnk = C:\Program Files\3com\Connection Assistant\bin\matcli.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &AOL Toolbar search - res://c:\program files\common files\aolcoach\en_en\player\plugin\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:34:16 AM 1/25/2007

+ Scan result:



C:\Program Files\Common Files\zkzm\zkzmd\vocabulary -> Downloader.TSUpdate.j : Cleaned.
:mozilla.166:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.17:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.18:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.189:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.190:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.191:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.192:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.20:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.219:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.21:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.220:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.221:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.222:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.23:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.24:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.36:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.45:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.185:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.50:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.223:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.224:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.225:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.161:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Ne : Cleaned.
:mozilla.162:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Ne : Cleaned.
:mozilla.140:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.22:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.23:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.24:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.25:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.25:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.26:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.27:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.28:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.124:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.125:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.126:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.148:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.149:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.150:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.50:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.51:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.52:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.53:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.65:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.66:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.67:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.68:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.69:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.70:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.71:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.149:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.150:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.151:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.152:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.153:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.174:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.175:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.176:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.177:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.154:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.155:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.178:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.179:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.213:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.180:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.158:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.159:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.181:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.182:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.183:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.184:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.185:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.186:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.188:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.189:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.160:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.190:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.191:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.192:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.193:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.194:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.181:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.182:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.183:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.184:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.205:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.206:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.207:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.208:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.209:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.178:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.204:C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\sadfsdfs\ckfq14sb.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
JustinW
Regular Member
 
Posts: 35
Joined: January 23rd, 2007, 5:16 pm

Unread postby Navigator » January 25th, 2007, 10:35 pm

Good job Justin....that HJT log appears clean, and AVG found only one file it cleaned along with a bunch of cookies....How is your system running? Any more problems?

Perhaps we should do one online scan to see what it finds:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


Post the contents of the ActiveScan report and let me know of any issues with your computer....
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby JustinW » January 26th, 2007, 5:30 am

Everything seems to be running fine. Here's the report:


Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Justin W\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/iedriver Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt[.c2.gostats.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Justin W\Application Data\Mozilla\Profiles\default\hvx2j2c7.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Justin W\Cookies\justin w@ad.yieldmanager[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Justin W\Cookies\justin w@atwola[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Justin W\Cookies\justin w@realmedia[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Justin W\Cookies\justin w@statcounter[1].txt
JustinW
Regular Member
 
Posts: 35
Joined: January 23rd, 2007, 5:16 pm

Unread postby Navigator » January 26th, 2007, 9:04 pm

JustinW wrote:Everything seems to be running fine.




That's great....!

Let's do this, and then finish up:

Clear IE's Cookies and Cache

  • Close all instances of Outlook Express and Internet Explorer.
  • Go to Control Panel » Internet Options » General tab.
  • Click Delete Cookies.
  • Next to it, Click the Delete Files button.
  • When prompted, place a check in: Delete all offline content, click OK.

Clear Firefox' Cookies

  • Open Firefox.
  • Click Tools » Options.
  • Click the Privacy tab, then the Cookies tab.
  • Click the Clear Cookies Now button.
  • Then click OK to exit.

Clean Temporary Files

  • Go to Start » Run » type: cleanmgr » OK.
  • Choose (C: ) and then click OK.
  • Make sure these are the only ones that are checked :

    • Temporary Internet Files
    • Temporary Files
    • Recycle Bin
  • Click OK to remove them.
  • Click Yes to confirm the deletion.

Your HJT appears clean and I'm glad your system is running well with out problems!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • THIS IS IMPORTANT! - If you are using Windows XP then you should reset system restore to make sure there are no infected files found in a restore point and that you have a clean restore point should you need one!

    Now let's reset your restore points.

    Click Start Menu >> All Programs >> Accessories >> System Tools >> SystemRestore

    Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create' then when the confirmation screen shows the restore point has been created click 'Close'.

    Next go to Start Menu >> Run, then type:

    cleanmgr


    click OK, when Disk Cleanup opens go to the 'More Options' tab and press 'Cleanup' on the system restore area which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy- Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner by Atribune. This program is for XP and Windows 2000 only. ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface. The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein. These are excellent reads too: I'm not pulling your leg and Malware: Preventing the Infection



Remember...be careful out there!
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby NonSuch » February 6th, 2007, 5:04 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware