
"Your computer is infected!" popup from task tray

#1 ·
Somehow I got infected with something that is putting a red circle icon with a white X in my task tray. Every 5 seconds it pops up a window stating "Your computer is infected!", etc. etc.

I would appreciate anyone's help with how to remove this. My spyware software did not resolve the problem. I have downloaded HijackThis and below is the output of the scan.

Logfile of HijackThis v1.99.1
Scan saved at 8:02:16 PM, on 1/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\winstall.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\vkfwntfk.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [System32] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe
O4 - HKLM\..\Run: [System32ouZ] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whlnsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://ebunge.net/InternalSite/WhlCompMgr.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Thanks.
 
#2 ·
Hi, prolab7881 :)

Welcome to the forum.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 
#3 ·
Thanks for the reply. Here's the output of SmitFraudFix:

SmitFraudFix v2.132

Scan done at 21:38:43.42, Mon 01/15/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\winstall.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

C:\Documents and Settings\Owner\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\PestTrap\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
 
#4 ·
Hi, prolab7881. :)

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Perform the following steps in safe mode:


  1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware.
While in Safe Mode, double-click on SmitfraudFix.exe

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

* Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.

* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" Delete everything except for "My Current Home Page". Click OK then Apply and OK.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post a fresh Hijackthis log along with the AVG Anti-spyware report, ActiveScan report and contents of C:\rapport.txt produced by Smitfraudfix.
 
#5 ·
I followed your instructions. Here are the logs starting with HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:44:21 PM, on 1/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\tkqzrlam.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [System32ouZ] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whlnsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://ebunge.net/InternalSite/WhlCompMgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

----------------------------------
ActiveScan Report
----------------------------------

Incident Status Location

Adware:Adware/SpySheriff Not disinfected c:\winstall.exe
Potentially unwanted tool:Application/WinAntivirus Not disinfected c:\windows\system32\ntsystem.exe
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Owner\tkqzrlam.exe
Adware:adware/spysheriff Not disinfected c:\winstall.exe
Potentially unwanted tool:application/pesttrap Not disinfected c:\program files\PestTrap
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Virus:trj/banbra.bqs Disinfected Operating system
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt[.go.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ct.360i[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Cookies\owner@webpower[2].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.seeq[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www47.buydomains[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www48.seeq[1].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
Adware:Adware/MalwareAlarm Not disinfected C:\Program Files\PestTrap\heur000.dll
Adware:Adware/MalwareAlarm Not disinfected C:\Program Files\PestTrap\heur001.dll
Adware:Adware/MalwareAlarm Not disinfected C:\Program Files\PestTrap\heur002.dll
Adware:Adware/MalwareAlarm Not disinfected C:\Program Files\PestTrap\heur003.dll
Spyware:Cookie/Cgi-bin Not disinfected C:\Program Files\SpywareBot\Quarantine\13-01-2007-13-08-58\10002.qit
Virus:Trj/Kameruks.B Disinfected C:\Program Files\SQT3\Square3.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-3410435740-2327825341-4199771028-1003\Dc1.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-3410435740-2327825341-4199771028-1003\Dc3.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Smit\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Smit\smitRem\Process.exe
Potentially unwanted tool:Application/Spyagent.A Not disinfected C:\WINDOWS\libimg.dll

-----------------------------------
rapport.txt
-----------------------------------

SmitFraudFix v2.132

Scan done at 20:50:13.34, Tue 01/16/2007
Run from C:\Smit\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\Owner\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
#6 ·
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:46:13 PM 1/16/2007

+ Scan result:

C:\Program Files\PestTrap -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\PestTrap.dvm -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\PestTrap.exe -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\Uninstall.exe -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\base.avd -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\base001.avd -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\base002.avd -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\found.wav -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\heur000.dll -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\heur001.dll -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\heur002.dll -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\heur003.dll -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\notfound.wav -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\removed.wav -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\14-01-2007-01-45-50\10564.qit -> Adware.Pesttrap : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\14-01-2007-01-45-50\10565.qit -> Adware.Pesttrap : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pest Trap -> Adware.Pesttrap : Cleaned with backup (quarantined).
HKU\S-1-5-21-3410435740-2327825341-4199771028-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PestTrap -> Adware.Pesttrap : Cleaned with backup (quarantined).
HKU\S-1-5-21-3410435740-2327825341-4199771028-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\14-01-2007-01-45-50\10568.qit -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\14-01-2007-01-45-50\10569.qit -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\14-01-2007-01-45-50\10570.qit -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\14-01-2007-01-45-50\10571.qit -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP601\A0035258.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP601\A0035259.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP601\A0035260.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP601\A0035261.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\14-01-2007-01-45-50\10574.qit -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP601\A0035262.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP602\A0035458.exe -> Downloader.Zlob.bbr : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\evopwsbs.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\ibstsohs.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\nxkwzmnj.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\qoiprazj.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\vkfwntfk.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\vsbtsluz.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP602\A0035387.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP602\A0035388.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP602\A0035455.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP602\A0035392.dll -> Not-A-Virus.Monitor.Win32.SpyAgent.g : Cleaned with backup (quarantined).
C:\WINDOWS\SystemSA32.dll -> Not-A-Virus.Monitor.Win32.SpyAgent.g : Cleaned with backup (quarantined).

(Continued in next post due to length)
 
#7 ·
:mozilla.293:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.294:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.298:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.299:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.300:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.469:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.607:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.272:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.273:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.615:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.616:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.626:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.627:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\SpywareBot\Quarantine\13-01-2007-13-08-58\10018.qit -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.418:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.419:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.420:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.421:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4905ppa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP601\A0034890.exe -> Trojan.Agent.rx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP602\A0035393.dll -> Trojan.Agent.rx : Cleaned with backup (quarantined).

::Report end
 
#8 ·
Hi, prolab7881 :)

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [System32ouZ] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Spytech Software
SpywareBot
PestTrap


Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Spytech Software
C:\Program Files\SpywareBot
c:\program files\PestTrap


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\winstall.exe
    c:\windows\system32\ntsystem.exe
    C:\Documents and Settings\Owner\tkqzrlam.exe
    C:\WINDOWS\libimg.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post a fresh Hijackthis log and let me know how the computer is doing.
 
#9 ·
So far so good. I have not seen the red circle icon with an X through it since performing the instructions in your last post.

In the Add/Remove programs, I removed Spyware Bot and PestTrap; Spytech Software did not exist. I didn't notice any other unusual programs in the list. Same for removing directories under C:\. Removed Spyware Bot and PestTrap; Spytech Software did not exist.

When running Killbox, I did not receive any "PendingFileRenameOperations" prompt and the computer restarted on its own.

The only abnormal thing I've noticed after doing these steps is that when I reboot the computer, I get a runtime error when Windows starts up.

Invalid BackWeb application id "1940576"

Here is the fresh HJT log. Thanks for all of your help.

Logfile of HijackThis v1.99.1
Scan saved at 10:04:00 PM, on 1/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\InterMute\IMStart.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whlnsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://ebunge.net/InternalSite/WhlCompMgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
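
Added example (not part of the original post or of the helper's instructions): a Python sketch that parses the O4 autorun lines of a HijackThis log and flags any whose target is a file or folder removed in post #8. The function names are this example's own; the log excerpt and the removed paths are copied from the thread.

```python
import re

# Excerpt of O4 lines copied from the 1/17/2007 HijackThis log in this thread.
FRESH_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Compaq Organize.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
"""

# Paths removed in post #8 (Killbox list and deleted folders), lower-cased
# because Windows paths are case-insensitive.
REMOVED_FILES = {
    r"c:\winstall.exe",
    r"c:\windows\system32\ntsystem.exe",
    r"c:\documents and settings\owner\tkqzrlam.exe",
    r"c:\windows\libimg.dll",
}
REMOVED_FOLDERS = (
    r"c:\program files\spytech software",
    r"c:\program files\spywarebot",
    r"c:\program files\pesttrap",
)

# "O4 - HKLM\..\Run: [name] command" and "O4 - Startup: x.lnk = target"
RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?\.lnk) = (.+)$")
# Unquoted commands may contain spaces, so cut at the first program extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def target_path(command):
    """Return the lower-cased program path of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        m = EXE_RE.match(command)
        path = m.group(1) if m else command
    return path.lower()


def parse_autoruns(log_text):
    """Parse O4 lines into dicts with location, name and normalised path."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            location, name, command = m.groups()
            entries.append(
                {"location": location, "name": name, "path": target_path(command)}
            )
    return entries


def orphaned(entries):
    """Return autorun entries that still point at a removed file or folder."""
    hits = []
    for e in entries:
        in_folder = any(e["path"].startswith(f + "\\") for f in REMOVED_FOLDERS)
        if e["path"] in REMOVED_FILES or in_folder:
            hits.append(e)
    return hits


if __name__ == "__main__":
    for e in orphaned(parse_autoruns(FRESH_LOG)):
        print(f'{e["location"]} [{e["name"]}] -> {e["path"]}')
```

On the excerpt this reports the `[gwiz]` Run value, whose target `ntsystem.exe` was on the Killbox list in post #8.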
 
#10 ·
Hi, prolab7881 :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Restart the computer.

Let me know if you are still receiving errors at startup.
 
#11 ·
That fixed it. Thank you very much! No more runtime error.

And that annoying red icon (with the white X) is still gone so I can now surf the net in peace without that window popping up every 5 seconds.

Thanks again. I'm going to make a donation for your great help.
 
#12 ·
Hi, prolab7881. :)

Congratulations.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Create a Restore point:
  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  6. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  9. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Click Here for some advice from our security experts.

Please use the thread's Tools and mark this thread as "Solved".

Best wishes!
 