my hijack this log file, thanks for your help

Re: my hijack this log file, thanks for your help

Post by Bio-Hazard » May 31st, 2009, 12:21 pm

Hello!

On that Stopzilla log I can't see anything bad. Only cookies and some entries that are in System Restore, which are not active, and we will get rid of them once we have finished.

yes, it was under realtime protection - network - configure. It works. Is it worth using Stopzilla?


I don't like the program myself, but the decision is yours.



Also the resident shield of AVG now keeps alerting me to infections, e.g.:

Found Tracking Cookie: Doubleclick
Process name: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Process ID: 6108
Detected on Open

but when I say remove, it says some files cannot be healed. What's that about? Sorry, should I just disable it, or are they real infections?


That is a cookie, which is harmless. Don't disable AVG's real-time resident.


ATF-Cleaner

Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: my hijack this log file, thanks for your help

Post by singanina » May 31st, 2009, 12:34 pm

OK I have done it.
singanina
Regular Member
 
Posts: 35
Joined: May 23rd, 2009, 2:20 pm

Re: my hijack this log file, thanks for your help

Post by Bio-Hazard » May 31st, 2009, 2:05 pm

Hello!

Do you have any problems at the moment? Is AVG still warning about that entry? Could you please post a new HijackThis log?

Re: my hijack this log file, thanks for your help

Post by singanina » May 31st, 2009, 3:02 pm

Hi

No problems. All is well. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:09, on 31/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\QuickTime\qttask.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.myspace.com/carolinedexter
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www2.arnes.si/~mmilut/BladeEnc.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EndNote Web - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 7211 bytes

Re: my hijack this log file, thanks for your help

Post by singanina » May 31st, 2009, 3:56 pm

...AVG is still warning about it, also process 1034? Lots of different ones, I just assume they are safe and say ignore. There seem to be a lot more warnings, e.g. when I go to Amazon and click 'look inside' I get asked if I want to allow the page to paste information from my clipboard. It would be great if I could turn things like that, as well as warning balloons from Windows security alerts, off. But basically everything is now working fine, I'm really amazed and grateful - THANKS!

Re: my hijack this log file, thanks for your help

Post by Bio-Hazard » June 1st, 2009, 8:03 am

Hello!

I want to be sure that we got everything, so I want to run ComboFix again. You need to DELETE the old version and download a new one. Also, once you have run ComboFix, do a full system scan with AVG and, if you can, post that log for me to see as well.

Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX

  • You must download it to and run it from your Desktop
  • ComboFix SHOULD NOT be used unless requested by a forum helper.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE
  • Double-click on ComboFix.exe and follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  • ComboFix should never take more than 20 minutes including the reboot if malware is detected.

IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.



Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
  • AVG log if possible

Re: my hijack this log file, thanks for your help

Post by singanina » June 1st, 2009, 1:59 pm

Hi,

ComboFix 09-05-31.06 - Caroline Dexter 01/06/2009 18:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1022.589 [GMT 1:00]
Running from: d:\documents and settings\Caroline Dexter.049924520170\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-05-28 18:58 . 2009-05-28 18:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 11:17 . 2009-05-30 11:22 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-24 15:19 . 2009-05-24 15:19 -------- d-----w- c:\program files\Trend Micro
2009-05-23 17:18 . 2009-05-23 16:24 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-23 16:29 . 2009-05-23 16:29 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-23 16:29 . 2009-05-23 16:24 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-23 16:22 . 2009-05-23 16:22 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-23 16:22 . 2009-05-23 16:29 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
2009-05-23 16:22 . 2009-05-23 16:22 -------- d-----w- c:\program files\Lavasoft
2009-05-23 16:19 . 2009-05-31 12:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-23 16:19 . 2009-05-31 12:38 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-23 11:33 . 2009-05-23 11:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-23 11:33 . 2009-05-23 11:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-23 11:33 . 2009-05-23 11:33 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-23 11:33 . 2009-05-23 11:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-23 11:33 . 2009-06-01 17:32 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-23 11:32 . 2009-05-28 09:28 -------- d-----w- d:\documents and settings\All Users\Application Data\avg8
2009-05-23 11:32 . 2009-05-23 11:32 -------- d-----w- c:\program files\AVG
2009-05-22 16:08 . 2009-05-22 16:08 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\OD2
2009-05-21 21:00 . 2009-05-21 21:00 -------- d-----w- d:\documents and settings\All Users\Application Data\SITEguard
2009-05-21 20:59 . 2009-05-31 16:04 -------- d-----w- d:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-21 20:59 . 2009-05-21 20:59 -------- d-----w- c:\program files\Common Files\iS3
2009-05-21 20:35 . 2009-05-21 20:35 -------- d-----w- c:\program files\Windows Defender
2009-05-17 14:53 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-05-17 14:53 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-05-10 01:54 . 2009-05-10 01:54 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\AdobeUM
2009-05-09 17:53 . 2001-08-17 12:53 3328 ----a-w- c:\windows\system32\drivers\qv2kux.sys
2009-05-09 17:53 . 2001-08-17 12:53 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-05-08 08:39 . 2009-05-30 14:12 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\EndNote
2009-05-08 08:30 . 2002-12-31 10:00 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-08 08:30 . 2009-05-08 08:30 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-08 08:29 . 2009-05-08 08:30 -------- d-----w- c:\windows\SHELLNEW
2009-05-08 08:28 . 2009-05-08 08:28 -------- d-----w- c:\program files\Microsoft.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 18:58 . 2007-02-19 22:13 -------- d-----w- c:\program files\Java
2009-05-17 17:08 . 2007-06-12 13:00 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\n-Track Studio5
2009-05-08 08:38 . 2007-02-04 21:16 89176 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 08:38 . 2009-05-08 08:38 0 ----a-w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\wklnhst.dat
2009-04-26 14:44 . 2009-04-26 14:44 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\VadeRetro
2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w- c:\program files\Common Files\Risxtd
2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w- c:\program files\Common Files\ResearchSoft
2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w- c:\program files\EndNote Web
2009-04-24 18:48 . 2009-04-24 18:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-03-06 14:00 . 2004-09-10 13:57 284160 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-28_09.48.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-01 17:25 . 2009-06-01 17:25 16384 c:\windows\temp\Perflib_Perfdata_468.dat
- 2006-10-05 12:16 . 2009-05-28 09:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-10-05 12:16 . 2009-06-01 17:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-10-05 12:16 . 2009-06-01 17:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-10-05 12:16 . 2009-05-28 09:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-05 12:16 . 2009-06-01 17:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-10-05 12:16 . 2009-05-28 09:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-28 18:58 . 2009-05-28 18:58 148888 c:\windows\system32\javaws.exe
+ 2009-05-28 18:58 . 2009-05-28 18:58 144792 c:\windows\system32\javaw.exe
+ 2009-05-28 18:58 . 2009-05-28 18:58 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-05 26112]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-23 1947928]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-23 516440]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 07:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-23 11:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/05/2009 17:29 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/05/2009 12:33 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/05/2009 12:33 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/05/2009 12:32 298776]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 17:53 167808]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www2.arnes.si/~mmilut/BladeEnc.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 18:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\RtlGina2.dll
c:\apps\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-06-01 18:43
ComboFix-quarantined-files.txt 2009-06-01 17:43
ComboFix2.txt 2009-05-28 13:00
ComboFix3.txt 2009-05-28 09:49

Pre-Run: 20,358,414,336 bytes free
Post-Run: 20,339,122,176 bytes free

166 --- E O F --- 2009-04-25 08:08



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:28, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\QuickTime\qttask.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www2.arnes.si/~mmilut/BladeEnc.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EndNote Web - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 7174 bytes


Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Found Tracking cookie.Mediaplex;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[1].txt";"Potentially dangerous object";"01/06/2009, 18:31:52";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[1].txt";"Potentially dangerous object";"01/06/2009, 18:31:48";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"01/06/2009, 18:31:48";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"01/06/2009, 18:31:46";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt";"Potentially dangerous object";"01/06/2009, 07:34:24";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[2].txt";"Potentially dangerous object";"01/06/2009, 07:34:24";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"01/06/2009, 07:33:07";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[1].txt";"Potentially dangerous object";"01/06/2009, 07:32:56";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"01/06/2009, 07:32:52";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[2].txt";"Potentially dangerous object";"31/05/2009, 21:44:29";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[1].txt";"Potentially dangerous object";"31/05/2009, 21:44:28";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[2].txt";"Potentially dangerous object";"31/05/2009, 21:44:28";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"31/05/2009, 21:44:28";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[1].txt";"Potentially dangerous object";"31/05/2009, 21:44:19";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[2].txt";"Potentially dangerous object";"31/05/2009, 21:44:16";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[2].txt";"Potentially dangerous object";"31/05/2009, 21:44:16";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Deleted";"31/05/2009, 21:20:48";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"31/05/2009, 20:57:38";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adviva;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adviva[2].txt";"Potentially dangerous object";"31/05/2009, 20:57:37";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Mediaplex;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[2].txt";"Potentially dangerous object";"31/05/2009, 20:57:26";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Mediaplex;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[1].txt";"Potentially dangerous object";"31/05/2009, 20:46:03";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"31/05/2009, 20:45:43";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[2].txt";"Potentially dangerous object";"31/05/2009, 20:43:04";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"31/05/2009, 20:42:01";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Potentially dangerous object";"31/05/2009, 19:57:31";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[2].txt";"Potentially dangerous object";"31/05/2009, 19:57:30";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[1].txt";"Potentially dangerous object";"31/05/2009, 19:57:30";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[1].txt";"Moved to Virus Vault";"31/05/2009, 17:52:19";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"31/05/2009, 17:52:19";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt";"Moved to Virus Vault";"31/05/2009, 17:52:18";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[2].txt";"Potentially dangerous object";"31/05/2009, 17:52:18";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"31/05/2009, 17:52:08";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Mediaplex;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[2].txt";"Moved to Virus Vault";"31/05/2009, 17:29:37";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Moved to Virus Vault";"31/05/2009, 17:29:20";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Deleted";"31/05/2009, 17:23:00";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"31/05/2009, 17:07:02";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"31/05/2009, 17:05:55";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"31/05/2009, 17:00:47";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[1].txt";"Moved to Virus Vault";"31/05/2009, 16:58:20";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"31/05/2009, 16:58:19";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt";"Moved to Virus Vault";"31/05/2009, 16:58:19";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[2].txt";"Potentially dangerous object";"31/05/2009, 16:58:19";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"31/05/2009, 16:58:18";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"31/05/2009, 16:41:49";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[1].txt";"Potentially dangerous object";"31/05/2009, 16:41:49";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Moved to Virus Vault";"31/05/2009, 16:41:02";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Moved to Virus Vault";"31/05/2009, 16:40:28";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[3].txt";"Moved to Virus Vault";"31/05/2009, 16:40:26";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[1].txt";"Moved to Virus Vault";"31/05/2009, 16:40:26";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[1].txt";"Deleted";"31/05/2009, 16:39:52";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[2].txt";"Potentially dangerous object";"31/05/2009, 15:37:43";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"31/05/2009, 15:37:43";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[1].txt";"Potentially dangerous object";"31/05/2009, 15:37:43";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[2].txt";"Potentially dangerous object";"31/05/2009, 15:37:43";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"31/05/2009, 15:37:42";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Deleted";"31/05/2009, 15:17:27";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Mediaplex;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[1].txt";"Deleted";"31/05/2009, 15:17:08";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[2].txt";"Deleted";"31/05/2009, 15:11:57";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[1].txt";"Potentially dangerous object";"31/05/2009, 15:08:17";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"31/05/2009, 15:08:17";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[1].txt";"Potentially dangerous object";"31/05/2009, 15:08:16";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[1].txt";"Potentially dangerous object";"31/05/2009, 15:08:16";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"31/05/2009, 15:04:00";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[1].txt";"Potentially dangerous object";"31/05/2009, 15:03:59";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[1].txt";"Moved to Virus Vault";"31/05/2009, 15:03:59";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"31/05/2009, 15:01:01";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Deleted";"31/05/2009, 14:59:05";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Moved to Virus Vault";"31/05/2009, 14:14:07";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"31/05/2009, 14:14:06";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[1].txt";"Moved to Virus Vault";"31/05/2009, 14:01:51";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt";"Moved to Virus Vault";"31/05/2009, 13:52:21";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[1].txt";"Moved to Virus Vault";"31/05/2009, 13:52:21";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Mediaplex;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[2].txt";"Moved to Virus Vault";"31/05/2009, 13:47:27";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[2].txt";"Moved to Virus Vault";"31/05/2009, 13:47:25";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[3].txt";"Moved to Virus Vault";"31/05/2009, 13:47:20";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[1].txt";"Moved to Virus Vault";"31/05/2009, 13:47:20";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Moved to Virus Vault";"31/05/2009, 13:47:20";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[2].txt";"Potentially dangerous object";"31/05/2009, 13:34:08";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[2].txt";"Potentially dangerous object";"31/05/2009, 13:34:08";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[1].txt";"Potentially dangerous object";"31/05/2009, 13:34:07";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[1].txt";"Potentially dangerous object";"31/05/2009, 13:34:07";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"31/05/2009, 13:33:49";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt";"Potentially dangerous object";"30/05/2009, 20:40:01";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[1].txt";"Potentially dangerous object";"30/05/2009, 20:40:01";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 20:38:16";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Mediaplex;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[2].txt";"Potentially dangerous object";"30/05/2009, 19:49:41";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"30/05/2009, 19:49:40";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[3].txt";"Potentially dangerous object";"30/05/2009, 19:49:36";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[1].txt";"Potentially dangerous object";"30/05/2009, 19:49:36";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Potentially dangerous object";"30/05/2009, 19:49:36";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[1].txt";"Potentially dangerous object";"30/05/2009, 19:49:36";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[2].txt";"Potentially dangerous object";"30/05/2009, 19:49:35";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 19:49:35";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[3].txt";"Potentially dangerous object";"30/05/2009, 18:36:53";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[1].txt";"Potentially dangerous object";"30/05/2009, 18:36:53";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"30/05/2009, 18:36:03";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 18:22:48";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 18:08:47";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adviva;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adviva[1].txt";"Potentially dangerous object";"30/05/2009, 18:08:31";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[1].txt";"Potentially dangerous object";"30/05/2009, 18:07:55";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 18:07:54";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"30/05/2009, 17:25:06";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[2].txt";"Potentially dangerous object";"30/05/2009, 16:02:47";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"30/05/2009, 15:59:20";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[2].txt";"Potentially dangerous object";"30/05/2009, 15:55:59";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adrevolver;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[2].txt";"Potentially dangerous object";"30/05/2009, 15:55:59";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Potentially dangerous object";"30/05/2009, 15:55:59";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[1].txt";"Potentially dangerous object";"30/05/2009, 15:55:58";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[2].txt";"Potentially dangerous object";"30/05/2009, 15:55:58";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"30/05/2009, 15:55:58";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[2].txt";"Potentially dangerous object";"30/05/2009, 15:10:35";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Mediaplex;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[2].txt";"Potentially dangerous object";"30/05/2009, 15:08:22";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Potentially dangerous object";"30/05/2009, 15:08:20";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"30/05/2009, 15:08:20";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 15:08:15";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[2].txt";"Potentially dangerous object";"30/05/2009, 15:08:15";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[1].txt";"Potentially dangerous object";"30/05/2009, 15:08:15";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 13:58:23";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt";"Potentially dangerous object";"30/05/2009, 13:58:23";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Serving-sys;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[1].txt";"Potentially dangerous object";"30/05/2009, 13:58:23";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"30/05/2009, 13:47:06";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt";"Potentially dangerous object";"30/05/2009, 13:45:48";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 13:45:46";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 13:37:51";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"30/05/2009, 11:47:26";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Yieldmanager;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[1].txt";"Potentially dangerous object";"30/05/2009, 11:45:54";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 11:45:53";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Advertising;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[1].txt";"Potentially dangerous object";"30/05/2009, 10:17:08";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Tacoda;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@tacoda[1].txt";"Potentially dangerous object";"30/05/2009, 10:17:07";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Atdmt;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt";"Potentially dangerous object";"30/05/2009, 10:13:50";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"30/05/2009, 10:10:22";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Mediaplex;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[2].txt";"Potentially dangerous object";"30/05/2009, 10:03:05";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 09:59:04";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"29/05/2009, 17:00:57";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"29/05/2009, 17:00:17";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"29/05/2009, 16:58:57";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"29/05/2009, 16:52:35";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"29/05/2009, 13:26:21";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[2].txt";"Potentially dangerous object";"29/05/2009, 13:24:10";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt";"Moved to Virus Vault";"29/05/2009, 11:41:07";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Adviva;"D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adviva[2].txt";"Moved to Virus Vault";"29/05/2009, 11:28:02";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"


Scan "Scheduled scan" was finished.
Spyware;"2";"2";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"30 May 2009, 12:00:01"
Scan finished:;"30 May 2009, 13:46:20 (1 hour(s) 46 minute(s) 19 second(s))"
Total object scanned:;"606186"
User who launched the scan:;"SYSTEM"

Spyware
File;"Infection";"Result"
C:\Qoobox\Quarantine\C\WINDOWS\ieocx.dll.vir;"Adware Generic4.ELH";"Moved to Virus Vault"
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP96\A0026328.dll;"Adware Generic4.ELH";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[2].txt;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[2].txt:\adrevolver.com.9b9d670a;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@adrevolver[2].txt:\adrevolver.com.f6cfcad4;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[2].txt;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[2].txt:\advertising.com.1dfa2206;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@advertising[2].txt:\advertising.com.525a5fb9;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@doubleclick[1].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[1].txt;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[1].txt:\media.adrevolver.com.2be00b0;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@media.adrevolver[1].txt:\media.adrevolver.com.7fd89687;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[2].txt;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[2].txt:\mediaplex.com.dc30fb3c;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@mediaplex[2].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@revsci[1].txt;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@revsci[1].txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@revsci[1].txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@revsci[1].txt:\revsci.net.738d89d;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@revsci[1].txt:\revsci.net.a5a8b88c;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@revsci[1].txt:\revsci.net.e9dbeb91;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@serving-sys[2].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@tacoda[1].txt;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@tacoda[1].txt:\tacoda.net.27341d57;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@tacoda[1].txt:\tacoda.net.4366831a;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@tacoda[1].txt:\tacoda.net.5935e89;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@tacoda[1].txt:\tacoda.net.c4fe2ebb;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@tacoda[1].txt:\tacoda.net.cd7ce44f;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@tacoda[1].txt:\tacoda.net.ed9c50d1;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@zedo[1].txt;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@zedo[1].txt:\zedo.com.27f1639b;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@zedo[1].txt:\zedo.com.a5b6a132;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@zedo[1].txt:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@zedo[1].txt:\zedo.com.cef1c7af;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@zedo[1].txt:\zedo.com.dd15d628;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
D:\Documents and Settings\Caroline Dexter.049924520170\Cookies\caroline dexter@zedo[1].txt:\zedo.com.ff8ec9c0;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
singanina
Regular Member
 
Posts: 35
Joined: May 23rd, 2009, 2:20 pm
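
The export above mixes Resident Shield alerts, scan results and per-cookie warnings in two different column layouts. As an added example (not part of the original post, and not an AVG tool), this Python sketch parses both layouts and separates tracking cookies, stored copies in quarantine or System Restore folders, and anything else that still needs a look; the sample rows, placeholder paths and category names are constructed for illustration.

```python
import csv
import re
from collections import defaultdict

# Constructed sample in the two layouts of the AVG export above:
#   Resident Shield rows: infection;"path";"result";"time";"type";"process"
#   scan-result rows:     path;"infection";"result"
# Paths and file names are placeholders; the last row is invented to show
# a detection that lies outside the quarantine and restore folders.
SAMPLE = r'''
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\user\Cookies\user@doubleclick[1].txt";"Potentially dangerous object";"30/05/2009, 11:45:53";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Found Tracking cookie.Doubleclick;"D:\Documents and Settings\user\Cookies\user@doubleclick[1].txt";"Moved to Virus Vault";"29/05/2009, 17:00:57";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Spyware;"2";"2";"0"
File;"Infection";"Result"
C:\Qoobox\Quarantine\C\WINDOWS\example.dll.vir;"Adware Generic4.ELH";"Moved to Virus Vault"
C:\System Volume Information\_restore{GUID}\RP96\A0000001.dll;"Adware Generic4.ELH";"Moved to Virus Vault"
D:\Documents and Settings\user\Cookies\user@zedo[1].txt;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
D:\Documents and Settings\user\Cookies\user@zedo[1].txt:\zedo.com.00000000;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\WINDOWS\system32\example.dll;"Adware Generic4.ELH";"Moved to Virus Vault"
'''

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# AVG lists each cookie inside a cookie file as "<file>.txt:\<domain>.<id>"
COOKIE_ENTRY = re.compile(r"(?<=\.txt):\\.*$")
# Folders that hold stored copies rather than files in use: ComboFix's
# quarantine and System Restore points (both appear in the scan above).
STORED_COPY_DIRS = ("\\qoobox\\quarantine\\",
                    "\\system volume information\\_restore")


def parse_row(line):
    """Return (path, infection, result) for a detection row, else None."""
    fields = next(csv.reader([line], delimiter=";", quotechar='"'), [])
    if len(fields) >= 6 and DRIVE_PATH.match(fields[1]):
        path, infection, result = fields[1], fields[0], fields[2]
    elif len(fields) == 3 and DRIVE_PATH.match(fields[0]):
        path, infection, result = fields
    else:
        return None  # headings, summary counters, blank lines
    # Fold per-cookie entries into their cookie file and drop the
    # "Found " prefix so both layouts name the detection the same way.
    return COOKIE_ENTRY.sub("", path), re.sub(r"^Found ", "", infection), result


def classify(path, infection):
    """Assign one of three (assumed) triage categories to a detection."""
    if "tracking cookie" in infection.lower():
        return "tracking_cookie"
    if any(d in path.lower() for d in STORED_COPY_DIRS):
        return "stored_copy"
    return "review"


def triage(log_text):
    """Group detections by category, one entry per distinct file."""
    groups = defaultdict(dict)
    for line in log_text.splitlines():
        row = parse_row(line.strip())
        if row:
            path, infection, _result = row
            groups[classify(path, infection)].setdefault(path.lower(), infection)
    return {name: dict(files) for name, files in groups.items()}


if __name__ == "__main__":
    for category, files in sorted(triage(SAMPLE).items()):
        print(f"{category}: {len(files)} file(s)")
        for path, infection in sorted(files.items()):
            print(f"  {infection:32} {path}")
```

Repeated alerts for the same cookie file collapse into one entry, so the count under each category is the number of distinct files rather than the number of log rows.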

Re: my hijack this log file, thanks for your help

Post by Bio-Hazard » June 1st, 2009, 2:30 pm

Hello!

Those AVG entries are just cookies which are harmless.

Remove HijackThis entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.



Your log now appears to be clean. Congratulations!

You can get rid of the tools we used:
  • JavaRa - (You can just delete the exe file from your desktop)
  • DDS.scr - (You can just delete the exe file from your desktop)


    Delete ComboFix and Clean Up
    Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
    Please advise if this step is missed for any reason as it performs some important actions.


    Clean up with OTM

    • Double-click OTM.exe to start the program.
    • Close all other programs apart from OTMoveIt3 as this step will require a reboot
    • On the OTM main screen, press the CleanUp! button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.

    You can now re-enable Adaware Ad-Watch and Windows Defender.

    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    NOTE: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.
  • Make Internet Explorer More Secure
    You are using Internet Explorer v.6.
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      Next press the Apply button and then the OK to exit the Internet Properties page.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide and Malwarebytes' Anti-Malware Scanning Guide.
  • Hosts File
    For added protection you may also like to add a Hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding Hosts files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera


Here is a great article by miekiemoes: How to prevent Malware

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
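
The six Internet-zone changes listed under "Make Internet Explorer More Secure" can be checked without opening the dialog, because Internet Explorer stores each one as a numbered DWORD in the registry. As an added example (not part of the original post), this Python sketch reads `reg query` output for the Internet zone and flags any of the six settings that is missing or looser than the post recommends; the registry path and action codes are Microsoft's documented ones for these settings, and the sample output is constructed.

```python
import re

# The Internet zone is zone 3 under
#   HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
# Each setting is a REG_DWORD named by its URL-action code.
# Values: 0 = Enable, 1 = Prompt, 3 = Disable.
# Wanted values below are the ones recommended in the post above.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
LABEL = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed output of running `reg query` on the key above.
SAMPLE_REG_QUERY = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    CurrentLevel    REG_DWORD    0x0
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x0
    1607    REG_DWORD    0x0
    1800    REG_DWORD    0x3
'''

# A value row: four-hex-digit name, type, hex data (tabs or spaces between).
ROW = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


def parse_reg_query(output):
    """Map action code -> integer value for every DWORD row in the output."""
    values = {}
    for line in output.splitlines():
        match = ROW.match(line)
        if match:
            values[match.group(1).upper()] = int(match.group(2), 16)
    return values


def label(value):
    """Human-readable name for a zone value."""
    if value is None:
        return "not set"
    return LABEL.get(value, hex(value))


def audit_zone(output):
    """Return (code, setting, current, wanted) for each recommended setting
    that is looser than recommended. A stricter value (Disable where Prompt
    is asked for) passes; a missing value is flagged for a manual check."""
    current = parse_reg_query(output)
    findings = []
    for code, (setting, wanted) in sorted(RECOMMENDED.items()):
        value = current.get(code)
        if value is None or value < wanted:
            findings.append((code, setting, label(value), label(wanted)))
    return findings


if __name__ == "__main__":
    for code, setting, now, wanted in audit_zone(SAMPLE_REG_QUERY):
        print(f"{code}  {setting}: {now} -> should be {wanted}")
```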

Re: my hijack this log file, thanks for your help

Post by singanina » June 1st, 2009, 5:10 pm

Hi,

I'm really sorry to be a pain, I deleted ComboFix but the OTM is not running. I deleted it and downloaded it again, but it still doesn't do anything. I tried right clicking then running it, still no good. I did a hijack this log just in case it's useful...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:21, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\OTM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www2.arnes.si/~mmilut/BladeEnc.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EndNote Web - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 7199 bytes

Thanks again,

Caroline
singanina
Regular Member
 
Posts: 35
Joined: May 23rd, 2009, 2:20 pm

Re: my hijack this log file, thanks for your help

Post by Bio-Hazard » June 2nd, 2009, 12:58 am

singanina wrote: Hi,

I'm really sorry to be a pain, I deleted ComboFix but the OTM is not running. I deleted it and downloaded it again, but it still doesn't do anything. I tried right clicking then running it, still no good. I did a hijack this log just in case it's useful...


Sorry that you had a problem with it. It seems that there is a problem with that function. So no cause for alarm. You have done an excellent job. Let's see if this tool gets rid of the tools we used. If it did, then post back so we can archive this.

OTC

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: my hijack this log file, thanks for your help

Post by singanina » June 2nd, 2009, 5:26 am

yes, this works
singanina
Regular Member
 
Posts: 35
Joined: May 23rd, 2009, 2:20 pm

Re: my hijack this log file, thanks for your help

Post by NonSuch » June 2nd, 2009, 6:04 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California