Dr Watson Postmortem debugger


  • This topic is locked
13 replies to this topic

#1 afhopie44


Posted 07 July 2007 - 01:18 PM

Does anyone know what the heck this thing is?? Whenever I try to go to My Documents, then go to My Pictures and click on a picture... I get an error message that says, "Dr Watson Postmortem Debugger has encountered an error and needs to close." And then I can send an error report. But my computer freezes up and I have to restart it every time this happens. It used to happen to my computer a long time ago but then it stopped. Well now it's back and it's driving me crazy!!

My computer also just randomly freezes sometimes. And I have to restart it. It happens more often whenever I have a bunch of tabs/websites open at one time.

I did a scan using AVG and it said no threats were found.



I use Mozilla Firefox with popup blocker. I rarely use Internet Explorer, only if a program requires that I use IE.

I have antivirus software:
AVG
Adaware
Spybot Search & Destroy


Can someone help me figure out what's going on?

Ewido Report:
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Revsci
Path: C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: :mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Clickhype
Path: :mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.249:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.304:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.312:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.313:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.331:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.332:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.333:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.334:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.335:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.336:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.342:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.343:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.344:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.345:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.346:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.347:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.348:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.349:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.350:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.351:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.352:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.353:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.359:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.360:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.361:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.363:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.364:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.380:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.383:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.384:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.385:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.391:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.392:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.393:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.394:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.395:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.396:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.397:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.401:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.402:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.403:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.404:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.405:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.406:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.459:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.460:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.462:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.473:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.474:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.475:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.476:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.478:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.479:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.480:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.481:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.482:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.484:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.485:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.486:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.487:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.488:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.489:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.490:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.491:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.492:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.493:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.494:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.495:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.496:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.497:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.498:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.499:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.500:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.501:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.502:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.503:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.504:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.505:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.506:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.507:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.508:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.509:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.510:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.511:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.512:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.513:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.514:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.515:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gm94aje.default\cookies.txt
Risk: Medium


Hijack This LOG:
Logfile of HijackThis v1.99.1
Scan saved at 12:22:14 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\ewido_micro(2).exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [win01] C:\DOCUME~1\Owner\APPLIC~1\GRAMSE~1\Meta Eq Cake.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1173150955453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

EDIT:
On July 11, I got an error message when I went into my pictures.
This is a screen cap of the message:

http://img264.images...80/erroruk8.jpg

I just ran my Adaware and AVG programs yesterday to check for viruses/spyware and nothing came up.

Edited by afhopie44, 11 July 2007 - 12:31 PM.


#2 afhopie44

Posted 07 July 2007 - 01:21 PM

Sorry forgot to add that I am using a Dell computer, with Windows XP operating system.

Kaspersky scan log:
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 07, 2007 6:51:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/07/2007
Kaspersky Anti-Virus database records: 359481
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects: 53700
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:35:49

Scan process completed.





Bit Defender Scan log:
BitDefender Online Scanner

Scan report generated at: Sat, Jul 07, 2007 - 15:48:51
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:23:58
Files: 199960
Folders: 5825
Boot Sectors: 2
Archives: 1996
Packed Files: 8799

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 637601
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File    Status
No virus found.

Edited by afhopie44, 07 July 2007 - 05:55 PM.


#3 SWI Support Robot

Posted 10 July 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 nasdaq

Posted 13 July 2007 - 10:03 AM

Hello,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please change the location of HijackThis.exe.
Create a new folder in your C: drive.
Name it C:\HJT or HijackThis and move the HijackThis.exe file into it.
It's best for this tool NOT to be located on your Desktop or in a TEMP folder.
This way you can undo any changes if something goes wrong, and it will prevent the tool from placing shortcuts on your Desktop.

=*=

Find out if you have Netpumper, Bitgrabber or BitRoll installed. If so, uninstall them via Start > Settings > Control Panel > Add/Remove Programs. This is because they are bundled with the malware you are dealing with (swizzor aka lop).
Also check whether the following are present in Software > Add/Remove Programs and uninstall them:

CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media


If, during uninstall, you are asked for the uninstall verification, please enter the numbers that appear in the window.

Then reboot. Important!

=*=

Disable SpySweeper:
You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.

If you have Spy Sweeper version 4:
  • Open SpySweeper, Click Options over on the left, then Program options
  • Uncheck load at windows startup.
  • Over to the left, Click shields and Uncheck all there.
  • Uncheck home page shield.
  • Uncheck automatically restore default without notification.
  • Close SpySweeper.
  • Reboot your machine for the changes to take effect before running HJT.

If you have SpySweeper version 5:

To disable SpySweeper Shields
  • Open SpySweeper, Click Shield Settings on the right (or Shields on the left, depending what screen you're on).
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Hosts File and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Close SpySweeper.
  • Reboot your computer, and ensure Spy Sweeper is disabled.
After all of the fixes are complete it is very important that you enable SpySweeper again.

Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKCU\..\Run: [win01] C:\DOCUME~1\Owner\APPLIC~1\GRAMSE~1\Meta Eq Cake.exe


Click on Fix Checked when finished and exit HijackThis.

Delete these folders if found:
C:\Program Files\NetRatingsNetSight\
C:\DOCUME~1\Owner\APPLIC~1\GRAMSE~1\

Restart the computer normally.

After reboot enable the security programs.

Then,

* Download Deljob.exe and save it on your desktop.
Doubleclick Deljob.exe.

A log (logit.txt) should open afterwards. This log will be present on your desktop.
Post the contents of the logfile in your next reply together with a new HijackThis log.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
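
Added example, not part of the original thread: a Python sketch of one triage check over the O4 autorun lines of the HijackThis log posted above. It classifies each startup program by where its executable lives and flags those launched from a user profile; the function names and the location heuristic are assumptions of this example, not HijackThis features and not nasdaq's stated method.

```python
import re
from typing import List, NamedTuple


class Autorun(NamedTuple):
    source: str    # "HKLM Run", "HKCU Run", "Startup" or "Global Startup"
    name: str      # registry value name or shortcut name
    command: str   # command line exactly as logged
    image: str     # executable path extracted from the command
    location: str  # coarse location class, see classify_location()


# O4 - HKCU\..\Run: [name] command
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# O4 - Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)", re.IGNORECASE)


def extract_image(command: str) -> str:
    """Return the executable path from a logged command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command


def classify_location(path: str) -> str:
    """Classify by top-level folder, accepting 8.3 short names such as DOCUME~1."""
    match = re.match(r"^[A-Z]:\\([^\\]+)\\", path.upper())
    if not match:
        return "other"
    top = match.group(1)
    if top == "WINDOWS":
        return "windows"
    if top == "PROGRAM FILES" or top.startswith("PROGRA~"):
        return "program-files"
    if top == "DOCUMENTS AND SETTINGS" or top.startswith("DOCUME~"):
        return "user-profile"
    return "other"


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Parse the O4 (startup) lines of a HijackThis log; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = RUN_RE.match(line)
        if match:
            source = f"{match.group(1)} {match.group(2)}"
            name, command = match.group(3), match.group(4)
        else:
            match = STARTUP_RE.match(line)
            if not match:
                continue
            source, name, command = match.group(1), match.group(2), match.group(3)
        image = extract_image(command)
        entries.append(Autorun(source, name, command, image, classify_location(image)))
    return entries


def flag_profile_autoruns(entries: List[Autorun]) -> List[Autorun]:
    """Assumed heuristic: an autorun whose executable sits in a user profile
    (writable without administrator rights) deserves a closer look."""
    return [entry for entry in entries if entry.location == "user-profile"]


# Constructed sample: a subset of the O4 lines from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [win01] C:\DOCUME~1\Owner\APPLIC~1\GRAMSE~1\Meta Eq Cake.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
"""

if __name__ == "__main__":
    for entry in flag_profile_autoruns(parse_autoruns(SAMPLE_LOG)):
        print(f"{entry.source} [{entry.name}] -> {entry.image}")
```

On this log the check surfaces only the win01 entry; the NielsenOnline entry that nasdaq also selected runs from Program Files, so location alone does not surface it.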

#5 nasdaq

Posted 25 July 2007 - 08:44 AM

Due to the lack of feedback this Topic is closed.

[Reopened]

Everyone else please begin a New Topic.

#6 cnm

Posted 01 August 2007 - 07:39 PM

Reopened at request of topic owner.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#7 nasdaq

Posted 02 August 2007 - 08:12 AM

afhopie44, I'm listening.

Please post a fresh HijackThis log and let me know what problem persists.

Before you do, please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Delete the older version once you have successfully downloaded and installed the latest version.

#8 afhopie44

Posted 05 August 2007 - 06:31 PM

Here is the Hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 7:50:40 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1173150955453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

And also .... Logfile results:
--------------------------------------------------------
File(s) moved to C:\deljob

A99216E991998F41.job
--------------------------------------------------------
Files remaining after cleaning

AppleSoftwareUpdate.job
MP Scheduled Scan.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is E441-05FA

Directory of C:\Documents and Settings\Owner\Application Data

07/06/2007 11:26 PM <DIR> .
07/06/2007 11:26 PM <DIR> ..
03/25/2007 10:15 PM <DIR> acccore
04/08/2007 09:51 AM <DIR> Adobe
03/18/2007 02:46 PM <DIR> Ahead
04/03/2007 09:41 PM <DIR> APPLEC~1 Apple Computer
08/01/2007 08:00 AM <DIR> AVG7
07/24/2007 10:38 AM <DIR> Azureus
05/23/2007 10:52 AM <DIR> BITDOW~1 BitDownload
07/30/2007 12:59 PM <DIR> Corel
06/09/2007 03:43 PM <DIR> GRAMSE~1 Gram Send
03/05/2007 03:03 PM <DIR> GTek
03/29/2007 04:01 PM <DIR> Help
03/05/2007 12:21 PM <DIR> IDENTI~1 Identities
03/05/2007 04:03 PM <DIR> Lavasoft
03/06/2007 07:00 PM <DIR> MACROM~1 Macromedia
04/04/2007 10:18 PM <DIR> MEDIAP~1 Media Player Classic
06/09/2007 02:37 PM <DIR> MICROS~1 Microsoft
05/05/2007 02:33 PM <DIR> MOBIPO~1 Mobipocket Reader
04/23/2007 05:00 PM <DIR> MOVENE~1 Move Networks
03/26/2007 07:41 PM <DIR> Mozilla
03/07/2007 10:32 AM <DIR> MSNINS~1 MSNInstaller
03/10/2007 12:16 PM <DIR> Opera
03/14/2007 05:05 PM <DIR> Real
03/06/2007 04:18 PM <DIR> Sun
06/07/2007 07:21 PM <DIR> VIEWPO~1 Viewpoint
03/13/2007 03:17 PM <DIR> Vso
07/06/2007 11:26 PM <DIR> Webroot
06/25/2007 06:40 PM <DIR> WinRAR
0 File(s) 0 bytes
29 Dir(s) 9,626,066,944 bytes free
Volume in drive C has no label.
Volume Serial Number is E441-05FA

Directory of C:\Documents and Settings\All Users\Application Data

07/07/2007 02:25 PM <DIR> .
07/07/2007 02:25 PM <DIR> ..
06/10/2007 07:20 PM <DIR> Adobe
03/09/2007 10:33 PM <DIR> ADOBES~1 Adobe Systems
03/13/2007 03:13 PM <DIR> Ahead
06/02/2007 08:51 AM <DIR> AOL
06/02/2007 08:50 AM <DIR> AOLDOW~1 AOL Downloads
03/25/2007 10:12 PM <DIR> AOLOCP~1 AOL OCP
03/12/2007 06:09 PM <DIR> APPLEC~1 Apple Computer
06/09/2007 02:56 PM <DIR> avg7
04/06/2007 09:17 AM <DIR> Corel
06/09/2007 02:40 PM <DIR> Grisoft
06/09/2007 03:43 PM <DIR> ISOMOR~1 IsoMorePopPile
07/07/2007 02:25 PM <DIR> KASPER~1 Kaspersky Lab
03/26/2007 04:25 PM <DIR> Kodak
03/22/2007 06:17 PM <DIR> MICROS~1 Microsoft
07/11/2007 03:12 AM <DIR> MICROS~2 Microsoft Help
04/04/2007 06:17 PM <DIR> OFFICE~1 Office Genuine Advantage
03/13/2007 02:37 PM <DIR> Real
03/05/2007 07:40 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
06/02/2007 08:51 AM <DIR> VIEWPO~1 Viewpoint
03/05/2007 03:38 PM <DIR> WINDOW~1 Windows Genuine Advantage
0 File(s) 0 bytes
22 Dir(s) 9,626,066,944 bytes free
--------------------------------------------------------

#9 nasdaq


Posted 06 August 2007 - 07:01 AM

This is the only thing I see that needs to be done.

Download: Microsoft Task Scheduler Command Line Utility from http://mvps.org/winhelp2002/jt.zip

Unzip and copy jt.exe to your C:\Windows folder.

Open Notepad, copy and paste the text below and "Save As" KillJobs.bat
In the "Save as type" select: All Files

@echo off
jt /sd A99216E991998F41.job

Copy KillJobs.bat to your C:\Windows folder.
Double-click on "KillJobs.bat"
(when prompted, allow the file to run)
If you need help on "How to Make a .Bat File"
See: http://www.nellie2.co.uk/file.htm.

Install this new version, HijackThis v2.0.2, as requested in my previous post.

Submit a fresh HijackThis and let me know if you have any problems.
nasdaq

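A triage helper for logs like the ones posted in this thread, as an added example that is not part of the original posts or of HijackThis itself. It parses HijackThis entry lines, lists entries worth a manual check, flags scheduled-job names made of 16 hex digits (the shape of the job removed above), and diffs two logs; the function names and the heuristics are assumptions for illustration, and the sample lines are excerpted from the logs in this thread.

```python
import re
from collections import defaultdict

# Lines excerpted from the 1 August log posted in this thread.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# Lines excerpted from the 15 August log posted in this thread.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# Job file names from the "File(s) moved" and "Files remaining" report above.
JOB_FILES = ["A99216E991998F41.job", "AppleSoftwareUpdate.job", "MP Scheduled Scan.job"]

# A HijackThis entry starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Hypothetical heuristic: a job name that is exactly 16 hex digits.
HEX_JOB_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, detail) tuples for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reasons(section, detail):
    """Reasons to look at an entry by hand. These are prompts, not verdicts."""
    reasons = []
    if "(file missing)" in detail:
        reasons.append("target file missing")
    if section == "O23" and "Unknown owner" in detail:
        reasons.append("service owner unknown")
    if "(no name)" in detail:
        reasons.append("unnamed object")
    return reasons


def triage(log_text):
    """Map each section code to its entries that have at least one reason."""
    findings = defaultdict(list)
    for section, detail in parse_entries(log_text):
        reasons = review_reasons(section, detail)
        if reasons:
            findings[section].append((detail, reasons))
    return dict(findings)


def odd_job_names(names):
    """Job files whose name is 16 hex digits followed by .job."""
    return [name for name in names if HEX_JOB_RE.match(name)]


def diff_entries(old_log, new_log):
    """Entries that disappeared and entries that appeared between two logs."""
    old, new = set(parse_entries(old_log)), set(parse_entries(new_log))
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for section, items in sorted(triage(LOG_BEFORE).items()):
        for detail, reasons in items:
            print(section, "|", ", ".join(reasons), "|", detail)
    print("job names to check:", odd_job_names(JOB_FILES))
    removed, added = diff_entries(LOG_BEFORE, LOG_AFTER)
    print("gone since last scan:", [s for s, _ in removed])
    print("new since last scan:", [s for s, _ in added])
```

A hit only means the file behind the entry should be checked: the unnamed BHO flagged here sits in the Spybot folder according to its own path.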

#10 afhopie44


Posted 12 August 2007 - 02:17 PM

C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1173150955453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 8661 bytes

#11 nasdaq


Posted 12 August 2007 - 03:50 PM

Please run HijackThis again and submit a fresh HijackThis log for my review.
nasdaq


#12 afhopie44


Posted 15 August 2007 - 07:28 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:11 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1173150955453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 8592 bytes

#13 nasdaq


Posted 16 August 2007 - 07:42 AM

Nice work, your log is clean.

Please read this Prevention page, which has lots of info and tips on how to prevent this in the future.
http://users.telenet...prevention.html
nasdaq


#14 nasdaq


Posted 27 August 2007 - 07:30 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




