Logfile of HijackThis v1.99.1
Scan saved at 12:59:46 AM, on 12/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://www.hotmail.msn.com
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zp ... b48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zp ... b51411.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedow ... in7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b53083.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zp ... b42858.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:46:25 AM 12/23/2006
+ Scan result:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20061222-173701-901.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP239\A0363694.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP239\A0363705.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rqrppqn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP225\A0356389.exe -> Downloader.Zlob.bbq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP227\A0357477.exe -> Downloader.Zlob.bbq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP227\A0357476.exe -> Downloader.Zlob.bbz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP227\A0357475.tlb -> Downloader.Zlob.jp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP239\A0363704.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvdok.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.44:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.46:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.55:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.60:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.61:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.62:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.63:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.64:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.65:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.66:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.31:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.32:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.33:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.34:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.36:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.37:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.50:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.51:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.7:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\ntkernel.exe -> Trojan.Agent.abx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP239\A0363675.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP227\A0357440.dll -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\VundoFix Backups\winwea32.dll.bad -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\Documents and Settings\Charlie\My Documents\LimeWire Pro 4.12.4\crack\crack.exe/THM_AV~1.EXE -> Trojan.Pakes : Cleaned with backup (quarantined).
::Report end
Charlie - 06-12-23 1:01:57.90 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Charlie\My Documents"
((((((((((((((((((((((((((((((( Files Created from 2006-11-23 to 2006-12-23 ))))))))))))))))))))))))))))))))))
2006-12-22 17:19 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-22 17:19 <DIR> d-------- C:\Program Files\Grisoft
2006-12-22 16:59 109,666 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2006-12-10 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2006-12-05 17:18 <DIR> d-------- C:\VundoFix Backups
2006-12-04 17:15 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-04 17:15 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-04 17:15 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-04 17:15 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-04 17:15 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-04 17:15 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-03 22:36 <DIR> d-------- C:\Program Files\HijackThis
2006-12-03 15:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-03 14:22 <DIR> d-------- C:\WINDOWS\temp
2006-12-02 19:37 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\SearchToolbarCorp
2006-12-02 19:36 88,340 --a------ C:\WINDOWS\system32\yrgxcgvi.exe
2006-12-02 19:36 126,996 --a------ C:\WINDOWS\system32\fnfkitlm.dll
2006-12-02 17:53 <DIR> d-------- C:\Program Files\MSN Games
2006-12-02 17:53 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\funkitron
2006-11-30 18:55 <DIR> d-------- C:\Program Files\iTunes
2006-11-30 18:55 <DIR> d-------- C:\Program Files\iPod
2006-11-30 18:52 <DIR> d-------- C:\Program Files\QuickTime
2006-11-30 18:50 <DIR> d-------- C:\Program Files\Apple Software Update
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-23 00:55 -------- d-------- C:\Program Files\Common Files
2006-12-23 00:50 -------- d-------- C:\Program Files\eMule
2006-12-23 00:49 -------- d-------- C:\Program Files\Plaxo
2006-12-22 17:25 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-17 01:34 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-12 15:48 -------- d-------- C:\Documents and Settings\Charlie\Application Data\LimeWire
2006-11-21 20:03 -------- d---s---- C:\Documents and Settings\Charlie\Application Data\Microsoft
2006-11-21 19:07 -------- d-------- C:\Program Files\MSN Messenger
2006-11-19 22:55 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-19 22:54 -------- d-------- C:\Program Files\NetMeeting
2006-11-14 21:06 420 --a------ C:\WINDOWS\tmpcpyis.bat
2006-11-14 21:06 122 --a------ C:\WINDOWS\tmpdelis.bat
2006-11-14 21:05 26 --a------ C:\WINDOWS\winstart.bat
2006-11-14 20:58 -------- d-------- C:\Program Files\Square Soft, Inc
2006-11-09 15:01 -------- d-------- C:\Program Files\Google
2006-10-13 11:30 668976 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"=""
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.11.1.5\\PlaxoHelper.exe -a"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Spyware Doctor"=""
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="c:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1133663716\\ee\\AOLSoftware.exe"
"Home Theater SchSvr"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""
"WINREMOTE"="\"C:\\Program Files\\InterVideo\\Common\\Bin\\WinRemote.exe\""
"zzzHPSETUP"="D:\\Setup.exe \\RESET"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Spyware Doctor"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Spyware Doctor"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Charlie.job
C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-12-23 1:03:09.45
C:\ComboFix.txt ... 06-12-23 01:03
C:\ComboFix2.txt ... 06-12-23 00:56
Sorry for the inconvenience.