Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Adware slips by Norton

Post by Kurt » February 1st, 2008, 3:45 pm

A pesky adware virus has found me, please help! I have Norton Internet Security but had Spyware and Phishing Protection disabled and maybe Firewall. I've run Trend Micro Housecall65 which did remove some things but the problem remains. I believe this came from an install of windvd from a p2p download. :(

Thanks, Kurt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:34 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\wamp\wampmanager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec Backup Exec System Recovery 7.0] "C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe"
O4 - HKLM\..\Run: [11a57f58] rundll32.exe "C:\WINDOWS\system32\qxtxobec.dll",b
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8482090953
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6458588359
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Backup Exec System Recovery - Symantec Corporation - C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 15431 bytes
Kurt
Regular Member
 
Posts: 27
Joined: February 1st, 2008, 2:48 pm

Re: Adware slips by Norton

Post by DFW » February 2nd, 2008, 8:31 pm

Hello and welcome. My name is DFW and I will be assisting you with your malware issues.

Please be patient as I need some time to review your HijackThis log, and I will post back recommendations for repairs.
As I am still on training, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page. In case you need it as reference or etc.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Adware slips by Norton

Post by Kurt » February 3rd, 2008, 1:24 am

Okay done! Thanks for helping me through this.
Kurt
Regular Member
 
Posts: 27
Joined: February 1st, 2008, 2:48 pm

Re: Adware slips by Norton

Post by DFW » February 3rd, 2008, 8:02 am

Hi Kurt



Rename HJT

Using My Computer (Windows Explorer), go to the HiJackThis folder.
In your case, the HiJackThis folder will be: C:\Program Files\Trend Micro\HijackThis\
(double click C:, then double click Program Files, double click Trend Micro, then double click the HijackThis folder)
In the top menu, click View, Details
Right button-click on the file named HijackThis.exe and select Rename.
Type in the new filename as seemeknow.exe
Hit <Enter> and close My Computer.




1. Download this combofix from one of the links below and save it to your desktop

Link 1
Link 2
Link 3

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note: Combofix should not be used without supervision



Please post back the Combofix log and a new HJT log.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Adware slips by Norton

Post by Kurt » February 3rd, 2008, 1:46 pm

Okay, I renamed HijackThis.exe to seemeknow.exe.

However I tried (2 locations) downloading and installing ComboFix.exe to the desktop as suggested and receive this error message: "Error - You cannot rename ComboFix as ComboFix. Please use another name." I've tried renaming to FixCombo.exe and Combo.exe but get the same error.

Please advise.
Kurt
Regular Member
 
Posts: 27
Joined: February 1st, 2008, 2:48 pm

Re: Adware slips by Norton

Post by DFW » February 3rd, 2008, 2:27 pm

Hi Kurt, try this



1. Download this combofix from the link below and save it to your desktop


http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe

When saving it, rename it to Combo-Fix.exe.



2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note: Combofix should not be used without supervision



Please post back the Combofix log and a new HJT log.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Adware slips by Norton

Post by Kurt » February 3rd, 2008, 3:06 pm

Thanks DFW,

I finally got ComboFix working before your last post. Here's what I did: rebooted, (ComboFix.exe again failed), then renamed ComboFix.exe to somethingelse.exe and it began working!

Here are the logs:

ComboFix 08-02.03.1 - Kurt LeBlanc 2008-02-03 13:16:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1380 [GMT -5:00]
Running from: C:\Documents and Settings\Kurt LeBlanc\Desktop\somethingelse.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddcyvuu.dll
C:\WINDOWS\system32\pmkhi.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\bxylcqpm.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ceboxtxq.ini
C:\WINDOWS\system32\ddcyvuu.dll
C:\WINDOWS\system32\dsqptpdq.dll
C:\WINDOWS\system32\flfrcoqb.dll
C:\WINDOWS\system32\grhsnval.ini
C:\WINDOWS\system32\hlrehtmo.ini
C:\WINDOWS\system32\hrnykhho.ini
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\lavnshrg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlmeaagn.ini
C:\WINDOWS\system32\mpqclyxb.ini
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\vvmbavvw.dll
C:\WINDOWS\system32\wfsgxlaj.ini
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-03 13:25 . 2008-02-03 13:25 <DIR> d-------- C:\PollManager
2008-02-01 14:13 . 2008-02-01 14:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 18:21 . 2008-01-31 18:21 <DIR> d-------- C:\Documents and Settings\Kurt LeBlanc\Application Data\Symantec
2008-01-31 18:11 . 2007-03-28 20:29 131,944 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2008-01-31 18:11 . 2007-03-28 20:48 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2008-01-31 18:11 . 2007-03-28 20:29 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2008-01-31 18:11 . 2007-03-28 20:23 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2008-01-30 13:45 . 2008-01-30 13:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-30 13:42 . 2008-01-30 13:58 <DIR> d-------- C:\Documents and Settings\Kurt LeBlanc\.housecall6.6
2008-01-29 09:49 . 2008-01-29 09:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-26 22:14 . 2008-01-26 22:14 <DIR> d-------- C:\Documents and Settings\Kurt LeBlanc\Application Data\InterVideo
2008-01-26 21:43 . 2006-05-11 18:41 654 --------- C:\WINDOWS\remove.iss
2008-01-26 21:38 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-26 21:32 . 2008-01-26 21:37 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-26 01:29 . 2008-01-26 01:29 <DIR> d-------- C:\Temp\Firefox_bak
2008-01-22 00:54 . 2008-02-03 12:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-22 00:54 . 2008-01-22 00:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 00:53 . 2008-01-22 00:53 <DIR> d-------- C:\Program Files\iTunes
2008-01-22 00:53 . 2008-01-22 00:53 <DIR> d-------- C:\Program Files\iPod
2008-01-22 00:25 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-22 00:25 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-01 19:29 --------- d-----w C:\Program Files\Google
2008-01-31 23:10 --------- d-----w C:\Program Files\Symantec
2008-01-31 23:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-31 02:24 --------- d-----w C:\Program Files\Java
2008-01-27 02:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 00:46 --------- d-----w C:\Documents and Settings\Kurt LeBlanc\Application Data\Ahead
2008-01-22 05:52 --------- d-----w C:\Program Files\QuickTime
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-13 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-05 14:03 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 14:03 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 14:03 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2006-09-21 14:41 236 ----a-w C:\Documents and Settings\Kurt LeBlanc\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 00:58 458752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-27 17:10 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-27 17:10 86016]
"nwiz"="nwiz.exe" [2006-09-27 17:10 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 23:47 827392]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-21 23:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 17:21 135168]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 18:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:34 213936]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 15:40 1884160]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 07:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 01:22 26248]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32 61440]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"Symantec Backup Exec System Recovery 7.0"="C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe" [2007-03-28 20:40 2037352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\Kurt LeBlanc\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-20 20:51:19 113664]
WampServer.lnk - C:\wamp\wampmanager.exe [2004-06-27 19:57:36 1101824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-20 20:51:19 113664]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-20 20:51:19 113664]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 11:39:30 73728]
Suitcase Startup.lnk - C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe [2006-12-27 02:06:30 3145728]

R2 Backup Exec System Recovery;Backup Exec System Recovery;C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [2007-03-28 20:40]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 08:00]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 18:49]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" [2007-01-09 22:17]
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2006-10-22 03:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 18:33:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-03 18:30:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-26 03:22:39 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Kurt LeBlanc.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 13:33:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????I??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2008-02-03 13:41:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 18:41:10
.
2008-01-30 17:54:16 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:12 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\wamp\wampmanager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\seemeknow.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec Backup Exec System Recovery 7.0] "C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8482090953
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6458588359
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Backup Exec System Recovery - Symantec Corporation - C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 16471 bytes
Kurt
Regular Member
 
Posts: 27
Joined: February 1st, 2008, 2:48 pm

Re: Adware slips by Norton

Post by DFW » February 4th, 2008, 2:26 pm

Hi Kurt


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u4.
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.



Run ATF Cleaner before Kaspersky online scan

Please download ATF Cleaner here by Atribune.
This program is for XP and Windows 2000 only. It does not require any installation and uses minimal system resources.
It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




Kaspersky Online Scanner

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence,
click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Go Here http://www.kaspersky.com/kos/english/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
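
One way to confirm from a HijackThis log that the Java update described above took effect, as an added example that is not part of the original post. The sample lines are copied from the February 3 and February 5 logs in this thread; the function names and the `MIN_JRE` threshold (JRE 6u4, the version named in the post) are choices made for this example.

```python
import re

# HijackThis entry lines start with a section code (R1, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")
# JRE install directory as it appears in entry paths, e.g. \Java\jre1.6.0_02\
JRE_RE = re.compile(r"\\Java\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

# Assumption for this example: anything older than JRE 6u4 counts as outdated.
MIN_JRE = (1, 6, 0, 4)

# Lines copied from the February 3 log in this thread (before the update).
LOG_FEB_3 = r'''
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
'''

# Lines copied from the February 5 log in this thread (after the update).
LOG_FEB_5 = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
'''


def jre_entries(log_text):
    """Return (section, version_tuple, line) for every entry that loads from a JRE directory."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header lines and the running-process list are not entries
        jre = JRE_RE.search(entry.group(2))
        if jre:
            # A missing update suffix (plain jre1.6.0) is treated as update 0.
            version = tuple(int(part or 0) for part in jre.groups())
            found.append((entry.group(1), version, line))
    return found


def outdated(log_text, minimum=MIN_JRE):
    """Entries still pointing at a JRE older than the minimum version."""
    return [e for e in jre_entries(log_text) if e[1] < minimum]


def compare(before, after, minimum=MIN_JRE):
    """Summarise the JRE versions referenced before and after the update."""
    return {
        "before": sorted({e[1] for e in jre_entries(before)}),
        "after": sorted({e[1] for e in jre_entries(after)}),
        "still_outdated": outdated(after, minimum),
    }


if __name__ == "__main__":
    for section, version, line in outdated(LOG_FEB_3):
        print("outdated JRE", version, "in", section, "->", line)
    print(compare(LOG_FEB_3, LOG_FEB_5))
```

An empty `still_outdated` list means no browser helper, toolbar button or startup entry in the newer log still loads code from an old JRE directory.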

Re: Adware slips by Norton

Post by Kurt » February 5th, 2008, 10:51 am

DFW,

I'm up and running much better thank you! ComboFix seemed to get rid of the adware popups. And thanks for the cleanup tips. A few things to note:

1. After rebooting from ComboFix, Norton Internet Security requested that I download and run NCO_BHO.reg. This resolved a Norton Phishing Protection error condition.
2. I ran Kaspersky Online Scanner. No errors noted during first 4 hours of running. Let run overnight. Next morning Norton Internet Security requested a reboot. No Kaspersky log found nor any option to save one.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:49 AM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\wamp\wampmanager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\seemeknow.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec Backup Exec System Recovery 7.0] "C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8482090953
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6458588359
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Backup Exec System Recovery - Symantec Corporation - C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 16668 bytes
Kurt
Regular Member
 
Posts: 27
Joined: February 1st, 2008, 2:48 pm

Re: Adware slips by Norton

Post by DFW » February 5th, 2008, 1:44 pm

Hi Kurt, I would have liked to see the KA online scan log, but don't worry for now. I think we still need to double check, just to be on the safe side, that your system is clean.



AVG Anti-Spyware

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

After 30 days it will become a free on-demand scanning only tool

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful.
    (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.


Now run the ATF cleaner again


We Now Need To Boot Into Safe Mode

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc (BOOT SCREEN).
At this point you should gently tap the F8 key repeatedly until you are presented with an Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.




Run AVG in Safe Mode


  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button. This must be done before saving the report.
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Now copy the report back to this topic.






Reboot and post the AVG Log and a new HJT Log
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Adware slips by Norton

Post by Kurt » February 5th, 2008, 5:07 pm

Okay done!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:15:33 PM 2/5/2008

+ Scan result:



C:\Program Files\music_now\inetchk.exe -> Hijacker.Small : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Kurt LeBlanc\Application Data\Netscape\NSB\Profiles\qjlbxqxg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.405:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.726:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.819:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.823:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.880:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Kurt LeBlanc\Application Data\Netscape\NSB\Profiles\qjlbxqxg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.691:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.692:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.857:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.858:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.859:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.860:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.263:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.264:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.268:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.269:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.301:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.304:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.305:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.306:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.63:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.64:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.66:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.67:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.68:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.69:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.10:C:\Documents and Settings\Kurt LeBlanc\Application Data\Netscape\NSB\Profiles\qjlbxqxg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Kurt LeBlanc\Application Data\Netscape\NSB\Profiles\qjlbxqxg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.121:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.122:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.123:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.124:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.125:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Kurt LeBlanc\Application Data\Netscape\NSB\Profiles\qjlbxqxg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.462:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.72:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.90:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.856:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Bluemountain : Cleaned.
:mozilla.861:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Bluemountain : Cleaned.
:mozilla.862:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Bluemountain : Cleaned.
:mozilla.863:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Bluemountain : Cleaned.
:mozilla.733:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Kurt LeBlanc\Cookies\kurt_leblanc@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.852:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.853:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.538:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.539:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.540:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.541:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.542:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.543:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.544:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.545:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.546:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.7:C:\Documents and Settings\Kurt LeBlanc\Application Data\Netscape\NSB\Profiles\qjlbxqxg.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.92:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.483:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.476:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.477:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.499:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.500:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.366:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.666:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.667:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.695:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.696:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.763:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.764:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.765:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.766:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.769:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.770:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.771:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.828:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.903:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kurt LeBlanc\Cookies\kurt_leblanc@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.214:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.217:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.137:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.138:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.139:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.625:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.636:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.747:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.83:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.84:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.85:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.280:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.281:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.433:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.434:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.435:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.436:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.437:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.438:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.439:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.440:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.441:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.442:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.443:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.61:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.62:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.70:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.71:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.479:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.485:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.486:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.478:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.72:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.73:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.74:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.75:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.76:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.77:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.78:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.79:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.80:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.81:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.83:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.84:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.85:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.86:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.87:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.88:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.10:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.14:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.15:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.16:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.17:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.18:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.9:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.130:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.131:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.132:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.133:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.134:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.209:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.872:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.480:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.482:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.487:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.488:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.489:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.490:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.491:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.492:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.493:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.494:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.102:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\Documents and Settings\Kurt LeBlanc\Application Data\Mozilla\Firefox\Profiles\3rsn7fyb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.585:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.774:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.705:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.706:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.389:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.390:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.391:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.392:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.393:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.369:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.370:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.371:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.372:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.373:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.374:C:\Temp\Firefox_bak\FEBE 2008 01-26 01.34.28\cookies{default}.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:47 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\wamp\wampmanager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\EditPlus 2\editplus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\seemeknow.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec Backup Exec System Recovery 7.0] "C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8482090953
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6458588359
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backup Exec System Recovery - Symantec Corporation - C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 17160 bytes
Kurt
Regular Member
 
Posts: 27
Joined: February 1st, 2008, 2:48 pm

Re: Adware slips by Norton

Unread postby DFW » February 6th, 2008, 5:41 am

How are things now? Your log looks fine now, and there is not a lot in the AVG log. As long as all is OK now, follow the instructions below
to clean up and add a little more protection that I think you need.

I would keep ATF Cleaner and run it every few days. As I said before, AVG turns into a free version after 30 days; uninstall it or keep it, it's up to you.



Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.





Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from inadvertently connecting to malware, spyware and adware sites by redirecting the connection request back to your own machine address (127.0.0.1). It is a very effective defense system.
If you are part of a business network, if you are on AOL, or if you use Norton to scan e-mail, be sure to read the special instructions in the tutorial below.

Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK


Download BlueTack's HOSTS Manager here, using Internet Explorer:
http://www.bluetack.co.uk/forums/index.php?act=dscript&CODE=showdetails&f_id=5
A short distance down the page in the center, click on the Download button.
Agree to the license.
On the next page, to the right side of where it says "Download Estimates", right-click on the underlined word "Hosts Manager", choose "Save Target As" and download the installer Hosts20setup.exe to your desktop.
Double click the Installer on your desktop and let it Install the Hosts Manager

After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the Hosts Switch icon).
When the manager comes up, go to the left pane and click Download.
It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then Save.
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.

If you have a firewall, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.






  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.



Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
This will ensure your computer always has the latest available security updates installed.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Any more questions?
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
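
The HOSTS-file step in the post above only protects the machine if every blocklist entry points back at the local address. The following is an added example, not part of the original post or of the Hosts Manager tool: a Python check that audits a HOSTS file after download and reports any name mapped to a non-local address, plus lines that do not parse. The sample entries, domain names, addresses and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample in HOSTS-file format; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# constructed blocklist sample
127.0.0.1   localhost
127.0.0.1   ads.example.test  tracker.example.test   # two names on one line
0.0.0.0     popups.example.test
203.0.113.10  update.vendor.example   # maps a name to a remote address
127.0.0.1
not-an-ip   broken.example.test
127.0.0.1   ADS.example.test
"""


@dataclass
class HostsAudit:
    sinkholed: set = field(default_factory=set)     # names sent to loopback or 0.0.0.0
    redirected: dict = field(default_factory=dict)  # name -> non-local address (review these)
    malformed: list = field(default_factory=list)   # (line number, raw line)


def _normalize(name):
    # Hostnames are case-insensitive; a trailing dot is the same name.
    return name.lower().rstrip(".")


def audit_hosts(text):
    """Classify every entry of a HOSTS file supplied as a string."""
    audit = HostsAudit()
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            audit.malformed.append((lineno, raw))
            continue
        if len(fields) < 2:  # an address with no hostname
            audit.malformed.append((lineno, raw))
            continue
        is_local = addr.is_loopback or addr.is_unspecified
        for name in map(_normalize, fields[1:]):
            if name in seen:
                # Assumption: the first entry for a name is the one that counts.
                continue
            seen.add(name)
            if is_local:
                if name != "localhost":  # the normal localhost line is not a block
                    audit.sinkholed.add(name)
            else:
                audit.redirected[name] = str(addr)
    return audit


def is_sinkholed(name, audit):
    """True if the audited file sends this name back to the local machine."""
    return _normalize(name) in audit.sinkholed


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names :", len(result.sinkholed))
    for name, addr in sorted(result.redirected.items()):
        print("REVIEW        :", name, "->", addr)
    for lineno, raw in result.malformed:
        print("malformed line", lineno, ":", raw.strip())
```

On a real system the text would be read from the HOSTS file itself (on Windows XP, `C:\WINDOWS\system32\drivers\etc\hosts`); any name listed under REVIEW is being resolved to another machine rather than blocked.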

Re: Adware slips by Norton

Unread postby Kurt » February 6th, 2008, 10:44 am

DFW,

Thanks! This has been very helpful.
Kurt
Regular Member
 
Posts: 27
Joined: February 1st, 2008, 2:48 pm

Re: Adware slips by Norton

Unread postby 'KotaGuy » February 20th, 2008, 12:57 pm

This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada