Full Version: The Logs
illithid8
Everything seems fine on my computer, but I guess I should just make sure...


QUOTE(HijackThis)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:01:10 PM, on 2007/07/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7228 bytes



QUOTE(BitDefender)
BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Jul 08, 2007 - 18:18:05

Scan Info
Scanned Files     231925
Infected Files    7

Virus Detected
Generic.Adware.BHO.NXM.A4B5DB5B     1
DeepScan:Generic.Zlob.7.F16D393E    2
Generic.Downloader.NXM.4444C0EE     1
Generic.Downloader.NXM.43EB0EA0     1
Trojan.Click.EZ                     2

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.



QUOTE(SUPERAntiSpyware)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/08/2007 at 07:03 PM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Complete Scan
Total Scan Time : 00:26:07

Memory items scanned : 472
Memory threats detected : 4
Registry items scanned : 5670
Registry threats detected : 33
File items scanned : 30338
File threats detected : 239

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\MSOLE.DLL
C:\WINDOWS\MSOLE.DLL
C:\WINDOWS\MSDDE.DLL
C:\WINDOWS\MSDDE.DLL
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#msole [ {5C3917B0-09E6-4A9C-9677-DC2B228F0D98} ]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#msdde [ {BEEAE3D3-203C-42E4-A6D6-54092BC1D245} ]
C:\Documents and Settings\Trevor\Favorites\Error Cleaner.url
C:\Documents and Settings\Trevor\Favorites\Privacy Protector.url
C:\Documents and Settings\Trevor\Favorites\Spyware&Malware Protection.url
C:\DOCUMENTS AND SETTINGS\TREVOR\APPLICATION DATA\MICROSOFT\OFFICE\RECENT\INDEX.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP90\A0012389.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP90\A0013432.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP94\A0013530.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP94\A0013546.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP94\A0013578.LNK

Trojan.Downloader-MGRS
C:\WINDOWS\MGRS.EXE
C:\WINDOWS\MGRS.EXE
C:\WINDOWS\Prefetch\MGRS.EXE-34C3510A.pf

Trojan.Net-MSV/VPS-G
C:\WINDOWS\DDESUPPORT.DLL
C:\WINDOWS\DDESUPPORT.DLL

Trojan.Net-MSV/VPS
HKLM\Software\Classes\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}
HKCR\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}
HKCR\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}
HKCR\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}\InprocServer32
HKCR\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}\InprocServer32#ThreadingModel
HKCR\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}\ProgID
HKCR\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}\Programmable
HKCR\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}\TypeLib
HKCR\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer

Adware.Tracking Cookie

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-1004336348-1383384898-682003330-1003\Software\Microsoft\Internet Explorer\Main#Start Page [ http://gomyron.com/NjU2NA==/2/3560/homepage/ ]

Trojan.VideoCach/Gen
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\win32
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version
C:\Program Files\NewMediaCodec

Trojan.Media-Codec/V2
C:\Program Files\Video AX Object
HKU\S-1-5-21-1004336348-1383384898-682003330-1003\Software\Protection Tools

Trojan.Downloader-Gen/AVP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP96\A0013775.EXE

Desktop Hijacker.AboutYourPrivacy-Installer
C:\WINDOWS\MAIN_UNINSTALLER.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\WLYBGPQJ\hd_bg[1].gif
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\GLWXIFM1\list[1].gif
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\ZRTZN9CW\shadow_left2[1].png
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\WLYBGPQJ\ind_box[1].jpg
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\C7RJQ0DX\shadow_left[1].png
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\9JRN9PWE\counter21[1].htm
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\9JRN9PWE\in[1].htm
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\O1AFGHQ7\main[1].htm
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\KFL722NP\functions.js[1].php
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\9JRN9PWE\index[2].htm


QUOTE(AVG Anti-Spyware)
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:54:21 PM 2007/07/08

+ Scan result:



C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@redir.adengage[2].txt -> TrackingCookie.Adengage : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@cj[1].txt -> TrackingCookie.Cj : Cleaned.
:mozilla.57:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.30:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.15:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.16:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Trev3\Cookies\trev@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.28:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.29:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.42:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Trevor\Desktop\Old Files\Documents and Settings\Trev_2\Cookies\trev_2@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end



Thanks! You people own!
rridgely
Open HijackThis and run a system scan. Then check off the following entry:

O4 - HKLM\..\Run: [smgr] mgrs.exe

Then press "fix checked" and exit HijackThis.

---------

Look for this file and if found delete it:

C:\WINDOWS\MGRS.EXE

It shouldn't exist, but if it does, get rid of it. (Let me know if you find it.)


----------------

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button and save the file as kavscan.txt to your Desktop, then close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.

illithid8
Right, I removed it from startup, and mgrs.exe wasn't there.

QUOTE
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 09, 2007 12:05:49 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/07/2007
Kaspersky Anti-Virus database records: 359908
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 82420
Number of viruses found: 2
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:07:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\E7D8C836.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\cert8.db Object is locked skipped
C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\history.dat Object is locked skipped
C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\key3.db Object is locked skipped
C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\parent.lock Object is locked skipped
C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Trevor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Trevor\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Trevor\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Trevor\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Trevor\Local Settings\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Trevor\Local Settings\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Trevor\Local Settings\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Trevor\Local Settings\Application Data\Mozilla\Firefox\Profiles\xc3qwi8m.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Trevor\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Trevor\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Trevor\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP90\A0012384.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP92\A0013475.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP94\A0013685.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP95\A0013727.exe Infected: Trojan-Downloader.Win32.Alphabet.j skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP97\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\syswin.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
C:\WINDOWS\system32\syswin6000.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
rridgely
Delete these two files:

C:\WINDOWS\system32\syswin.exe
C:\WINDOWS\system32\syswin6000.exe

Then let's clear your infected restore points and make a clean one.

To Flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Choose Create a Restore Point, then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

-------

If everything seems to be working then you should be good to go.
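
The triage behind the advice above, as an added example (not part of the original posts and not Kaspersky's code): it parses object lines in the layout of the report quoted in this thread and separates live detections, which are deleted directly, from copies held in System Restore points, which are cleared by flushing the restore points. The function names and regular expressions are assumptions made for illustration.

```python
import re

# Entries copied from the Kaspersky report quoted in this thread
# (all six infected objects, plus three of the locked ones).
REPORT = r"""
C:\Documents and Settings\Trevor\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP90\A0012384.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP92\A0013475.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP94\A0013685.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP95\A0013727.exe Infected: Trojan-Downloader.Win32.Alphabet.j skipped
C:\System Volume Information\_restore{00A75A55-0647-4B34-BBB7-4B0F962AB3E0}\RP97\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\syswin.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
C:\WINDOWS\system32\syswin6000.exe Infected: Trojan-Downloader.Win32.Alphabet.k skipped
"""

# Paths contain spaces, so anchor on the status text at the end of the line.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)|(?P<locked>Object is locked))\s+"
    r"(?P<action>\w+)$"
)
# Copies kept by System Restore live under _restore{GUID}\RPnn\.
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I
)


def parse_report(text):
    """Return one dict per object line; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entries):
    """Split detections into live files and System Restore copies."""
    out = {"live": [], "restore_points": {}, "names": set(), "locked": 0}
    for e in entries:
        if e["locked"]:
            out["locked"] += 1  # scanner could not open the file: not a detection
            continue
        out["names"].add(e["name"])
        rp = RESTORE_POINT.search(e["path"])
        if rp:
            out["restore_points"].setdefault(rp.group(1), []).append(e["path"])
        else:
            out["live"].append(e["path"])
    return out


if __name__ == "__main__":
    t = triage(parse_report(REPORT))
    print("Delete:", *t["live"], sep="\n  ")
    print("Flush restore points:", ", ".join(sorted(t["restore_points"])))
    print("Distinct detections:", len(t["names"]), "| locked, not scanned:", t["locked"])
```

The two distinct detection names and six infected objects it finds match the "Number of viruses found: 2" and "Number of infected objects: 6" lines in the report's statistics.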
illithid8
Great! Thanks very much! Everything seems fine.

I'll be back
rridgely
Glad everything is working.
For some advice on how to keep a clean computer take a look at this site:
http://internetrotsyourbrain.com/rridgely/...eprevention.htm