Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Microsoft Visual C++ Runtime Library

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Microsoft Visual C++ Runtime Library

Unread postby uberfei » July 16th, 2007, 3:29 am

Started getting the following error this morning,

Microsoft Visual C++ Runtime Library. Buffer overrun detected!
Program: C:\program files\internet explorer\iexplore.exe
A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated.

Did some digging online and this seems to be a confirmed parasite, however all the info Ive found related to the problem appearing in IE. I use Firefox and I have had the error appear during startup, in the middle of watching a movie and sometime before launching an app as well.

Ive already ran Ad-Aware but so far nothing. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:16 AM, on 7/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4435 bytes
uberfei
Active Member
 
Posts: 8
Joined: July 16th, 2007, 3:22 am
Advertisement
Register to Remove

Re: Microsoft Visual C++ Runtime Library

Unread postby uberfei » July 16th, 2007, 3:31 am

Microsoft Visual C++ Runtime Library. Buffer overrun detected!
Program: C:\windows\explorer.exe
A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated.

*Edit* Sorry this is the exact error message, copypasted wrong msg. from a website
uberfei
Active Member
 
Posts: 8
Joined: July 16th, 2007, 3:22 am

Unread postby ndmmxiaomayi » July 16th, 2007, 12:21 pm

Hi uberfei. :)

Welcome to Malware Removal Forum. My name is mayi and I will be helping you. As I am still an undergraduate, I will need my fixes checked before posting back to you. Thank you for your patience.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby ndmmxiaomayi » July 16th, 2007, 11:00 pm

Hi uberfei,

Step 1

I don't see an antivirus program running in your log. It could be that you disabled it, or you don't have an antivirus at all.

If you have disabled it, please re-enable it back.

If you have no antivirus, please download ONE antivirus from one of the links below:

AVG Antivirus Free
AntiVir for Windows 2000 and Windows XP
avast! 4 Home Edition
Clamwin

After installing an antivirus, please restart the computer and continue to the next step.

Step 2

Please rename HijackThis.exe to dumb.exe by doing the following:

  1. Go to C:\Program Files\HijackThis
  2. Right click on HijackThis.exe and select Rename.
  3. Type in dumb and press Enter.
  4. Double click on dumb to run it. Select Do a system scan and save a logfile. Please post back this log in your next reply.
Do not close HijackThis yet.

Step 3

  1. Click on the Config... button at the bottom right hand corner.
  2. At the top, click on the Misc Tools button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post back this list in your next reply.

In your next reply, please post:

  1. A new HijackThis log
  2. The Uninstall list
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby uberfei » July 16th, 2007, 11:52 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:46 PM, on 7/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\hijackthis\dumb.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {731B3E08-100C-42BD-B67C-824FBF5A82FC} - C:\WINDOWS\System32\vtstu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A00ED310-6EE3-4764-883D-F0B833AEC645} - C:\WINDOWS\System32\gebcbcy.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O20 - Winlogon Notify: gebcbcy - gebcbcy.dll (file missing)
O20 - Winlogon Notify: vtstu - C:\WINDOWS\System32\vtstu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6755 bytes


3DMark03
3DMark05
3DMark06
7-Zip 4.42
Ad-Aware SE Personal
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Premiere 6.0
Adobe Reader 6.0.1
Adobe Stock Photos 1.0
AOL Instant Messenger
ATI Demo - Crowd (v1.4)
ATI Demo - Dangerous Curves (v1.3)
ATI Demo - Double Cross (v1.4)
ATI Demo - Subsurface Scattering (v1.4)
ATI Demo - The Assassin (v1.0)
ATI Demo - Toy Shop (v1.2)
ATI Display Driver (Omega 3.8.330)
ATI RADEON 9700 Car Paint Demo v1.1
ATI RADEON 9700 Pipe Dream Demo v1.1
ATI RADEON 9800 Chimp Demo v1.1
ATI ScreenSaver - ScreenSpace (v1.1)
AVG 7.5
Azureus Vuze
BattleMoonWars‹â ‘æˆê•â€
uberfei
Active Member
 
Posts: 8
Joined: July 16th, 2007, 3:22 am

Unread postby ndmmxiaomayi » July 17th, 2007, 8:54 am

Hi uberfei,

You are using P2P program (Azureus and Bittorent). While both programs spyware free, please refrain from using them while cleaning your computer to prevent getting more infections. Our recommendation is to stay off them as they are one of the sources of infections. For more information, please visit Malware Removal List of Clean and Infected P2P Programs and Spyware Info List of Clean and Infected P2P Programs.

  1. Please download VundoFix.exe by Atribune from Atribune and save it to your desktop.
  2. Double click VundoFix.exe to run it.
  3. Click the Scan for Vundo button.
  4. Once it's done scanning, click the Remove Vundo button.
  5. You will receive a prompt asking if you want to remove the files, click YES
  6. Once you click yes, your desktop will go blank as it starts removing Vundo.
  7. When completed, it will prompt that it will reboot your computer, click OK.
  8. Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

In your next reply, please post:

  1. VundoFix log (C:\VundoFix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby uberfei » July 17th, 2007, 12:38 pm

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 9:24:35 AM 7/17/2007

Listing files found while scanning....

C:\WINDOWS\System32\gebcbcy.dll
C:\WINDOWS\System32\utstv.ini
C:\WINDOWS\System32\vtstu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\utstv.ini
C:\WINDOWS\System32\utstv.ini Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:49 AM, on 7/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\dumb.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {731B3E08-100C-42BD-B67C-824FBF5A82FC} - C:\WINDOWS\System32\vtstu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O20 - Winlogon Notify: gebcbcy - gebcbcy.dll (file missing)
O20 - Winlogon Notify: vtstu - C:\WINDOWS\System32\vtstu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6602 bytes
uberfei
Active Member
 
Posts: 8
Joined: July 16th, 2007, 3:22 am

Unread postby ndmmxiaomayi » July 17th, 2007, 2:43 pm

Hi uberfei,

Step 1

Please open HijackThis and select Do a system scan only.

Put a check (tick) next to these lines:

O2 - BHO: (no name) - {731B3E08-100C-42BD-B67C-824FBF5A82FC} - C:\WINDOWS\System32\vtstu.dll (file missing)
O20 - Winlogon Notify: gebcbcy - gebcbcy.dll (file missing)
O20 - Winlogon Notify: vtstu - C:\WINDOWS\System32\vtstu.dll (file missing)


Click Fix checked.

Step 2

  1. Please download AVG Anti-Spyware and save it to your desktop.
  2. Double click on avgas-setup-7.5.0.50.exe to install AVG Anti-Spyware. Install it in the default location.
  3. Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  4. In the main screen, you should see Your Computer's Security.
    • Next to Resident Shield, click on Change state. It should now be Inactive.
    • Next to Automatic Updates, click on Change state. It should now be Inactive.
    • Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
    • Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.
  5. Now click on the Scanner button at the top.
  6. Select the Settings tab.
  7. Under How to act?, click on Recommended actions and select Quarantine.
  8. Under How to scan?, check (tick) all the boxes.
  9. Under Possibly unwanted software:, check (tick) all the boxes.
  10. Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
  11. Under What to scan?, select Scan every file.
Do not run a scan yet. You will run a scan later.

Step 3

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All.
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Step 4

  1. Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  2. Click on the Scanner button at the top.
  3. Select the Scan tab.
  4. Click on Complete System Scan to start the scan.
  5. When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you did hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  6. When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  7. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

In your next reply, please post:

  1. AVG Anti-spyware scan report
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby uberfei » July 18th, 2007, 2:42 am

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:40:49 PM 7/17/2007

+ Scan result:



:mozilla.196:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.197:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.292:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.438:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.441:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.540:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.550:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.201:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.202:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.203:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.204:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.205:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.206:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.207:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.208:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.209:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.210:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.211:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.212:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.213:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.214:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.215:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.216:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.217:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.218:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.219:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.220:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.221:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.222:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.223:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.224:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.225:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.226:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.227:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.86:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.87:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.88:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.89:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.90:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.91:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.92:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.176:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.177:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.178:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.842:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.285:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.286:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.287:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.843:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.166:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.167:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.168:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.169:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.717:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.301:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.302:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.303:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.304:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.305:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.19:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.335:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.336:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.337:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.338:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.339:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.340:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.341:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.342:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.343:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.344:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.345:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.346:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.233:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.234:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.235:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.393:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.394:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.462:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.463:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.722:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Infinite-ads : Cleaned.
:mozilla.723:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Infinite-ads : Cleaned.
:mozilla.724:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Infinite-ads : Cleaned.
:mozilla.812:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.813:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.164:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.165:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.619:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.549:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.559:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.873:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.236:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.237:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.238:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.239:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.569:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.570:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.571:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.572:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.573:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.574:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.575:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.576:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.587:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.588:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.589:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.590:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.591:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.592:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.593:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.594:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.725:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.356:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.357:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.358:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.359:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.360:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.361:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.362:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.282:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.603:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.604:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.605:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.606:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.607:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.114:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.122:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.627:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.628:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.629:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.630:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.631:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.734:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.735:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.181:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.185:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.186:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.188:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.189:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.190:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.643:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.644:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.577:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.578:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.579:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.580:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.581:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.379:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.653:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.788:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.687:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.713:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.714:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.715:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.716:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.113:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.116:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.117:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.124:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.125:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:58 PM, on 7/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\dumb.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6527 bytes
uberfei
Active Member
 
Posts: 8
Joined: July 16th, 2007, 3:22 am

Unread postby ndmmxiaomayi » July 18th, 2007, 11:49 pm

It looks like you have done a scan with Bitdefender. Did the scan find anything or save a log? If yes, please post the log or what it found.
If you are unable to recall or locate a log please perform this next step

Please go to Kaspersky website and perform an online antivirus scan.
Please use Internet Explorer as it uses ActiveX.

  1. Click on Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  4. When the downloads have finished, click on Next button.
  5. Click on Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  11. Copy and paste this log in your next reply.

In your next reply, please post back:

  1. Kaspersky Antivirus scan report
  2. A new HijackThis log


Also, are you prepared to update to XP SP2?
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby uberfei » July 19th, 2007, 9:59 pm

The AVG antivirus and spyware seem to have nailed the problem. I haven't had that error in the past few days.

I don't really like the idea of upgrading to SP2 as it really messed with my last system :/

All these tools and the well documented steps for using them have been a huge help. ^^ Thanks a ton.
uberfei
Active Member
 
Posts: 8
Joined: July 16th, 2007, 3:22 am

Unread postby ndmmxiaomayi » July 20th, 2007, 1:04 am

Hi uberfei,

Please post a new HijackThis log. If you have saved a Bitdefender log, please post that as well.

If you didn't save one, can you recall the items detected by Bitdefender? If no, please run the Kaspersky Antivirus scan and post back.

In your next reply, please post the Kaspersky Antivirus scan log and a new HijackThis log.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby uberfei » July 20th, 2007, 1:11 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 20, 2007 10:10:27 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 20/07/2007
Kaspersky Anti-Virus database records: 365851
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 131394
Number of viruses found: 3
Number of infected objects: 2
Number of suspicious objects: 2
Duration of the scan process: 01:23:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-003D1758-8794-4A1E-861F-67FA5219962F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-069058ED-5433-4ADD-8D5A-EF5502DF660A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-080E696B-A4FE-4C8A-875D-86D23C8D7E7A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0B387B94-4698-415F-A64A-9111C1E9AEEB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0B9E2158-12D7-456B-B897-9AF57819E086.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0E176729-C3C3-4E26-8AC0-8ABC7B50E9CC.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-122E216A-B566-4BE6-B983-09C2C9275AC2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-16CBCD3A-ED09-41F7-946A-0AAE941A621F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1DBBB01C-39F1-478A-B86F-2CCC062B4AFE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1DCDA8F6-45D6-4333-9F13-DB6F0F16F579.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1FF943AF-ADF5-4331-BA5E-4DBECBED8A19.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-22151356-3EA0-4998-860E-14152C4136D7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-271796BC-03D4-48DE-B5BD-77F4AD1282C4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-28633AF5-BB0F-468F-AB4F-678CB2357D21.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2C804FEE-D0A9-4081-9401-6FBBAE2D6AB0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2C819C9D-2F81-415E-98BE-078AA13865E6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2F848E7B-ED06-469A-8576-8309D7EFFB69.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-34DA5A3F-749E-4602-B4E0-45074EE13B35.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-358EEDEC-06D8-4FA4-BE41-76FC34296328.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-36230059-C089-4130-B826-A94697E90713.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-363F4244-0A5C-4676-90CA-20E893358757.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-38CC3324-E476-4166-BCDB-FB7341C4AD00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3C29B46A-F2FB-48E3-BF77-0075F80929EF.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3C52F478-C373-4E5C-8F41-4EE2800C4A42.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3CAB6F68-64D9-4BAE-B05F-B43E3B7CC620.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3D2F859C-1670-4098-9134-4B0416FF037A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3DA3C645-3E41-4411-85E6-024784F34C55.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3E2B3C18-AA7A-48F5-B81E-D3C078932806.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3F1CDA74-3D00-459F-BAF2-A55CA33CC374.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-441EAE56-B8ED-4401-92F1-6E2CE28D39D5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4587DA52-5321-49E1-8CC8-531D8A5A7A2E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4765DDFB-1458-4630-81E0-51741EC601D5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-480CEF4E-9ADC-448E-A865-09B88123B6AB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-48400B8A-905F-4320-B4B1-1F438C90F9DB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4CE36D09-1F04-474E-8B4F-8E9F5E5C43B2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4F0E97A4-54C7-4F21-BB0E-17604298E635.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4F731070-D953-45BA-BCE9-F173B67D9590.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5194CE20-759E-4559-999A-2CBFC607C341.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-537945C1-65B2-4D64-8F31-47DAE9A0A8CA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-55E8C387-1925-42AA-8A9E-8F31F830CD31.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-56C5E8DD-44FE-433F-BA3F-635ECCB4DA33.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5A54990D-6C91-482E-8D9F-0933DBF0C50B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5B0A2922-05D4-4591-80DB-C736AF377FEC.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5C7191A0-704B-4F35-9E97-B8D7919D007D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5DC2210F-3ADF-4CB4-AF1E-CEADE69847C3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5EA75A12-3B12-43FF-BA28-5DE3C78491ED.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-61A59DCC-8247-4D2E-B874-9501F0065953.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6389E6C8-9DA1-410F-BC08-BDE3C91C6A98.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-63BF4AC7-7644-474B-B6B4-2D6123EE0FC0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-664B38EB-CC6E-4818-BE77-DDC1564819E6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6CC05DA1-1B56-458A-80FA-09CE9A3F9CD3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6E4D8539-D178-4D38-9702-89E62EF36525.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6F75D1C5-8A0E-4572-9AFC-1EF0D0C1EBF0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6F8E847E-6299-402E-B1F5-120346F24B1B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7003AE1D-04D0-44B9-8D66-8A310E6996D4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-71969A9F-8791-4140-89E4-B947727A1971.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-72FA15EE-E9E2-405B-A88A-CE03855AC015.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-72FB6B81-D3D7-4E47-B1D1-60244AB164B5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-764E0970-8C77-4C00-8C99-E326366FD8A7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7D390661-1C7F-4CB2-9896-3408C69538FD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-80429212-15AF-4737-B8DB-196B90DD6309.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8079B0F5-45D3-4E91-882B-C31E54270E22.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-835BD19F-6F2B-4775-B04E-D4BD273EFB74.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-881E382E-53EB-4FEB-86A4-F51B8B90E58C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-885DFF64-2B6E-4807-9432-D213E989777F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8C1EE8BC-B158-45F7-B40A-1BF6F15D6385.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8D986F18-A2BF-431D-AA6B-C89386A0A790.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-917A887F-C7C4-4BA6-B6A4-01F802F98E1D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9504B534-C818-4007-A025-45A4EA0BF069.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-97482E1A-E3BD-4323-833F-E954EA5D5F47.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-99679DBF-B084-4536-BFA2-8E01D8EA80B0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-99CD8CBF-F1BB-463A-AFEF-C3B763566D07.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9AE3DAF0-0D5D-47FD-A189-DCD2544F53D6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9BF2F8CF-2C6B-4BB4-9C81-CFC736FC5409.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9CF27EF3-254D-47C3-B98B-299598522A9B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9DB735AA-296E-4C50-BC26-817D1B22BEB3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9E9659F8-6F7C-42F0-AEB5-ECBE8C66B970.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-ABF3A3BB-10B3-4F16-A8CA-149F32A1D650.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AE43D593-5453-43E0-8AB0-92B09939C0C7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B0827592-A2F1-4393-989A-D62226D3CC70.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B0E79DD7-F726-4ACA-BFDA-D6F6A31C5E73.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B237EFFB-2925-4A81-8BE2-DB6FC0702F30.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B2C173AB-843B-40D9-96A5-58A9EF788CD2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B3286E44-B70F-4FF6-A880-50E1E23A9A89.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B7C69781-DBC0-4236-BDB3-2102B64E489D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B862669F-BF14-4890-A15F-5663E791E6DB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B8BDC719-0326-47E9-B2DB-BA928FE4B070.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B9148E00-5006-4C94-83E5-E1B5CDAF40BF.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BAEDBBE8-A0AD-4344-AFD0-FE2478C2C25B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BD92B610-821C-47C1-BCA3-590FFD93178B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BF45986F-3159-42C0-8BB9-A9858D4D805D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BFBAFEE1-6123-4DF8-9C66-DA2E34904E63.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C2F7B000-39FC-4C9A-8D64-141AD1220DFE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C6686FE2-E32B-4E86-A008-FCBE596166B7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C7971202-9767-46A9-8500-74CFDA97318D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C7AF87FC-F794-45FF-8CE9-4CBF0FB4B479.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C7D64E38-473B-4A40-9CE8-0636398092C7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C8D20A7B-BFE2-4E48-9A17-284A529B4E86.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C9D7C590-EDA3-474B-B8A4-4B6B88E517E6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CC4137DB-187C-4B33-A78F-FC2F89B6982D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CCD07B86-8604-4CB2-AD7F-48D2BC1E5992.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CD898BD3-569D-42E8-9526-DEA882CA38E1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CF538C36-ABC6-4B77-B7C3-ACB995302CD4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D0278775-42CC-4A78-A149-7B925B33175E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D4AC5A9B-693D-48CE-A237-42707AC26E4C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D7F4D5C9-C1B3-44EC-A15D-E62DCD592CBB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D8E9391B-99B2-498A-B7E4-3F5FE7C3CA90.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D9733A7E-10C0-4EAD-8707-C402A47C12A2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D993CE6C-1629-4FB9-BB6D-B515CB20CA21.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DBC36BD5-0303-41B0-8331-FE3BB7C433C8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E37F0FDF-96B7-4510-B84F-F922C5F1C033.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-ECE582CC-6772-494E-810A-70B5407F7C5C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-ED8D778C-CE13-4666-A87D-F06AA24206BD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-EE7CA462-8B28-421D-A480-AA47D952A76C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F333E7C9-3DED-4C4B-9007-B2543DF5FC65.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F342C38F-4740-40BC-A22C-E8772D7B1D3C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F506B1B7-C7DC-4037-8702-DB5027F7D926.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F5CDFF08-5116-4C27-8E96-DE76850A4E00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F6B670EC-F119-47C3-9953-AED2BBD4207D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F70AA427-E24D-4D4D-8FE3-C41512335D0F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F8B1BF14-8C1C-417E-BBDD-99CF38251D56.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F990C109-FFA7-402A-8E47-75B8BA6A7A61.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F9E49A2C-3862-4C1E-8A09-364DEE01636D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FB43CCC6-F47B-4989-B157-96FFE7713F8C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip/retadpu2000352.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Ben\.housecall6.6\Quarantine\mshtml2.exe~.bac_a02200 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\history.dat Object is locked skipped
C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\key3.db Object is locked skipped
C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Ben\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ben\Local Settings\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ben\Local Settings\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ben\Local Settings\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ben\Local Settings\Application Data\Mozilla\Firefox\Profiles\hf2qp6l4.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ben\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ben\Local Settings\History\History.IE5\MSHist012007072020070721\index.dat Object is locked skipped
C:\Documents and Settings\Ben\Local Settings\Temp\win4B.tmp Infected: Trojan-Spy.Win32.Agent.or skipped
C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ben\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ben\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\KOS-MOS.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ZLT06855.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:01 AM, on 7/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\dumb.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6677 bytes
uberfei
Active Member
 
Posts: 8
Joined: July 16th, 2007, 3:22 am

Unread postby ndmmxiaomayi » July 22nd, 2007, 12:54 am

Hi uberfei,

Step 1

Show hidden files and folders
  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.
  10. Close My Computer.

Step 2

Please delete these files.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip
C:\Documents and Settings\Ben\.housecall6.6\Quarantine\mshtml2.exe~.bac_a02200
C:\Documents and Settings\Ben\Local Settings\Temp\win4B.tmp

Step 3

  1. Go to Start > Control Panel. Double click on Add/Remove Programs.
  2. Locate Adobe Reader 6.0.1 and click on Change/Remove to uninstall it.
  3. Repeat Steps 1 and 2 for J2SE Runtime Environment 5.0 Update 6.
  4. Once done, close Add/Remove Programs and Control Panel.

Step 4

Update Java

Your Java Runtime Environment is out of date. The current version is JRE 6u2.

  1. Click here to go to Java website.
  2. Scroll down to Java Runtime Environment (JRE) 6u2. Click on Download.
  3. Select Accept License Agreement. The page will refresh.
  4. Click on Windows Offline Installation, Multi-language and save it to a convenient location.
  5. Go to Start > Control Panel. Double click on Add/Remove Programs.
  6. Locate J2SE Runtime Environment 5.0 Update 6, click on Change/Remove to uninstall it.
  7. Restart the computer.
  8. Double click on jre-6u2-windows-i586-p.exe to install Java.
  9. Restart the computer.

Update Adobe Acrobat Reader

  1. Click here to download the latest version of Adobe Acrobat Reader.
  2. Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you.
  3. If you are using other browsers, please uninstall Adobe Reader 7.0.9 before installing the latest version.
  4. Close your Internet browser and open it again.


Please post a new HijackThis log in your next reply.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby uberfei » July 22nd, 2007, 2:20 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:34 PM, on 7/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\hijackthis\dumb.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_dll] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7470 bytes
uberfei
Active Member
 
Posts: 8
Joined: July 16th, 2007, 3:22 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: NonSuch and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware