blackworm

I am getting a message saying that the computer might be infected with the blackworm virus and then being redirected to a page where I can download some things. I have run Windows Defender and Norton and neither one has anything about blackworm. Below is a HijackThis log file; could somebody please look at it and tell me if there is something going on?

Logfile of HijackThis v1.99.1
Scan saved at 4:50:42 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Lizzie\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\jkhff.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106421667875
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I just downloaded and ran VundoFix and this is the file I got for it:

VundoFix V4.2.42

Checking Java version...

Scan started at 4:57:31 PM 3/29/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.bak1
C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.ini2

C:\WINDOWS\system32\ffhkj.bak1
C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\jkhff.dll
Attempting to delete C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.bak1
C:\WINDOWS\system32\ffhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Comments

  • Trogan, London, UK
    edited March 2006
    OK Cool! Want to post a new HJT log? :cool:
  • edited March 2006
    Sorry, here is the hijackthis logfile. I hope this helps you.
    Logfile of HijackThis v1.99.1
    Scan saved at 7:14:02 PM, on 3/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\DOCUME~1\Lizzie\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106421667875
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Trogan, London, UK
    edited March 2006
    You have a nasty worm on your computer that steals all kinds of information from your computer. At this time, please change ALL your internet passwords (Forums, Email, etc) NOW from a non-infected computer and contact your bank(s) if you have made any transactions over the net. After doing that, follow below to remove the infection.

    Before we begin, can you move HJT into its own folder on your desktop OR re-download HJT into its own folder on your desktop. Currently it is here:

    C:\DOCUME~1\Lizzie\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    Now follow below - You may want to print these instructions out as you will have no internet connection later on!

    ================================================================

    Download ATF (Atribune Temp File) Cleaner© by Atribune
    http://www.atribune.org/ccount/click.php?id=1
    It is a stand-alone program that does not need to be "installed". Save it to a convenient location and make a shortcut on your desktop. Do not use yet!


    Please download the trial version of Ewido Security Suite here:
    http://www.ewido.net/en/download/
    When installing the program, under "Additional Options" uncheck...
    • Install background guard
    • Install scan via context menu
    Once installed, update the definitions to the newest files. Do NOT run a scan yet!

    ================================================================

    Open Task Manager by holding Ctrl+Alt+Delete.

    Click the Process tab

    Find windir32.exe

    Click End Process

    Close Task Manager and open it again. Make sure windir32.exe is not there!

    ================================================================

    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

    - Close ALL open windows (especially Internet Explorer!)
    Click Fix Checked

    ================================================================

    We need to search and delete the following:

    Click Start > Search > All Files and Folders.
    Expand More advanced options and make sure these boxes are checked

    Search system folders
    Search hidden files and folders
    Search subfolders


    Paste this into the Search box at the top:

    windir32.exe

    If any of these files are found please delete them.

    ================================================================

    Go into Safe Mode - explained here

    ================================================================

    Once in Safe Mode, do the following!

    Run ATF Cleaner
    Double-click ATF Cleaner.exe
    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    ==========

    Please run Ewido (Do not use the computer while Ewido is scanning as it may interfere while scanning)
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido

    ================================================================

    Reboot back into Normal Mode and run the following online scans.

    Panda ActiveScan

    - Once you are on the Panda site, click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    BitDefender Free Online Virus Scan

    - Once you are on the BitDefender site, click the I Agree button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - If you get a Confirm File Replace message to overwrite a file, click Yes
    - When download is complete, click the Click here to scan button
    - BitDefender will download the latest virus signatures.
    - The scan will automatically start

    - Once the scan is complete, click Close
    - On the box that appears, press Click here to view the report button
    - Choose either Send Report or Don’t send - It is your choice!
    - Paste the entire contents of the scan here from the new window

    ================================================================

    Please post the following in your next reply:

    1. A new HJT log

    2. Ewido log

    3. Reports from online scans
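
An added example, not part of the thread or of HijackThis itself: comparing a HijackThis log taken before a cleanup step with one taken after it shows which autostart entries were actually removed and which are new. The function names (`parse_hjt`, `diff_logs`, `still_present`) are hypothetical, and the three inputs are short excerpts trimmed from the logs posted in this thread.

```python
import re
from collections import namedtuple

# One HijackThis result line: section code (R0, O2, O4, O20, ...) plus the rest.
Entry = namedtuple("Entry", "code detail")

# Result lines look like "O4 - HKCU\..\Run: [name] file"; header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")


def parse_hjt(text):
    """Return the set of result entries found in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


def still_present(log, needle):
    """Entries in a log whose detail mentions needle (case-insensitive)."""
    return sorted(e for e in parse_hjt(log) if needle.lower() in e.detail.lower())


# Excerpt of the first log in the thread (4:50:42 PM, before VundoFix).
LOG_1 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 4:50:42 PM, on 3/29/2006
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\jkhff.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
"""

# Excerpt of the second log (7:14:02 PM, after VundoFix).
LOG_2 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:14:02 PM, on 3/29/2006
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Excerpt of the third log (10:28:14 PM, after the steps above and the Panda scan).
LOG_3 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:28:14 PM, on 3/29/2006
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    for label, old, new in (("log 1 -> log 2", LOG_1, LOG_2),
                            ("log 2 -> log 3", LOG_2, LOG_3)):
        removed, added = diff_logs(old, new)
        print(label)
        for e in removed:
            print("  removed:", e.code, "-", e.detail)
        for e in added:
            print("  added:  ", e.code, "-", e.detail)
    print("windir32.exe still referenced in log 3:",
          bool(still_present(LOG_3, "windir32.exe")))
```

An entry disappearing from the log only shows that the registry reference is gone; the file search and the scanner reports requested above are what confirm the file itself was removed.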
  • edited March 2006
    Alright, I couldn't get BitDefender to work so I didn't use that one. Here are the HJT log, the ewido log, and the Panda log files:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:28:14 PM, on 3/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Lizzie\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106421667875
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    ewido anti-malware - Scan report

    + Created on: 9:33:52 PM, 3/29/2006
    + Report-Checksum: 5F25782D

    + Scan result:

    HKU\S-1-5-21-1357496610-1313397016-2601317690-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78653A3E-A63F-42A9-A6FE-7524F4058767} -> Adware.Virtumonde : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.122:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.193:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.194:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.202:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.205:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.206:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.211:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.220:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.233:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.235:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.248:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.249:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.251:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.285:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.286:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.287:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.289:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.290:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.291:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.292:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.293:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.294:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.295:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.296:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.297:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.298:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.299:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.300:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.301:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.302:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.303:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.372:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.373:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.374:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.375:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.376:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.377:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.378:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.379:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.380:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.381:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.382:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.383:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.422:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@e-2dj6wjkoojczwap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@e-2dj6wjkyqjajwho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@jcrew.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@saksfifthavenue.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Callie\Cookies\callie@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.119:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.136:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.158:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.159:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.173:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.224:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.225:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.226:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.227:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.228:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.232:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.233:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.254:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.267:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.268:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.269:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.270:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.273:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.274:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.275:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@ehg-wachovia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Mary Lauren\Application Data\Mozilla\Firefox\Profiles\14b7llhz.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hixriy8w.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup


    ::Report End
    I will post the Panda log shortly.
  • edited March 2006
    Incident Status Location

    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Callie\Cookies\callie@adultfriendfinder[2].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Callie\Cookies\callie@apmebf[1].txt
    Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Callie\Cookies\callie@hc2.humanclick[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ktbv4u3e.default\cookies.txt[]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\David\Cookies\david@adrevolver[2].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\David\Cookies\david@apmebf[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[2].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\David\Cookies\david@cgi-bin[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Cookies\david@realmedia[2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\David\Cookies\david@target[1].txt
    Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\David\Cookies\david@winfixer[2].txt
    Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lizzie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-66fc3e94-281312e5.zip[NewSecurityClassLoader.class]
    Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lizzie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-66fc3e94-281312e5.zip[NewURLClassLoader.class]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@atwola[1].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@searchportal.information[1].txt
    Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Mary Lauren\Cookies\mary lauren@winfixer[2].txt
  • Trogan London, UK
    edited March 2006
    I deleted your other thread. Please stick to this one.

    Please download Ad-Aware SE and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

    1) Run Ad-Aware, and click Check for updates now.

    2) Select Configurations (click the Gear wheel at the top) as follows:
    • General Button > Safety & Settings: Check (Green) all three.
    • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
    Click Proceed.
    3) To start the scan, Click > "Scan Now" at left
    • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
    • Select "Search for low-risk threats"
    • Select "Perform full system scan"
    • Click Next
    4) When the scan has completed, select Next.
    • In the Scanning Results window, select the "Critical Objects" tab.
    • Right-click on the screen and choose "Select all objects"
    • Click Next to remove the infections found, and click OK to the prompt.
    • Restart the computer.

    ===========================

    Download Spybot S & D from here.
    1. Download and Install Spybot S&D (if you haven't already), accept the Default Settings
    2. In the Menu Bar at the top of the Spybot window you will see 'Mode'.
      Make certain that 'default mode' has a check mark beside it.
    3. Close ALL windows except Spybot S&D
    4. Click the button to 'Search for Updates' then download and install the updates.
    5. Next click the button 'Check for Problems'
    6. When Spybot is complete, it will be showing 'RED' entries, bold 'BLACK' entries and 'GREEN' entries in the window
    7. Make certain there is a check mark beside all of the RED entries ONLY.
    8. Choose 'Fix Selected Problems' and allow Spybot to fix the RED entries.
    9. REBOOT normally to complete the scan and clear memory.

    ===========================

    Please run ATFCleaner again.

    Reboot and post a new HJT log :)
  • edited March 2006
    Sorry about the other thread, not quite sure what I was thinking. I will run Ad-Aware, Spybot S&D, and ATF Cleaner as soon as my recently downloaded Panda Titanium 2006 antivirus finishes scanning. Thanks for your help so far.
  • edited March 2006
    Here is the HijackThis logfile you wanted, I hope it helps:
    Logfile of HijackThis v1.99.1
    Scan saved at 3:11:58 PM, on 3/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\David\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsc.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106421667875
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Trogan London, UK
    edited March 2006
    No problem about the other thread.

    Your log is clean.

    Are you still having problems?
  • edited March 2006
    No, not having any more problems. Does it matter that there are 5 different user accounts on this machine?
  • Trogan London, UK
    edited March 2006
    What do you mean?
  • edited March 2006
    I ran Ad-Aware, Spybot, Panda, ATF Cleaner, and HijackThis in my account. There are four other accounts on the same computer and I'm wondering if the problem might still be on the computer even though it is no longer in my account. I think that explanation makes sense, but it might not.
  • Trogan London, UK
    edited March 2006
    It makes sense :)

    I had a feeling that is what you meant but just wanted to confirm.

    Malware can sometimes be on one account and not another. If you want, I'd be happy to look at the HJT log from the other accounts.
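
The reply above notes that an infection can be present in one account and not another; in HijackThis logs that shows up as entries, mostly HKCU-scoped, that differ between logs taken in each account. As an added example (not from the thread and not part of HijackThis), this script compares several per-account logs and lists entries that are not common to all of them, plus entries worth a second look. The sample logs, the account names `user_a`/`user_b` and the two review heuristics are constructed assumptions.

```python
import re
from collections import defaultdict

# Item lines look like "O4 - HKCU\..\Run: [Name] command"; header and
# "Running processes" lines do not match and are skipped.
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry autoruns: "<hive>\..\<key>: [value name] command line"
O4_RUN_RE = re.compile(r"^HK(?:CU|LM)\\\.\.\\\S+: \[(.*?)\] (.*)$")


def parse_items(log_text):
    """Return the set of (section, body) item lines in one HijackThis log."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            items.add((m.group(1), m.group(2)))
    return items


def review_flags(section, body):
    """Heuristic reasons to look closer; a flag is a prompt, not a verdict."""
    flags = []
    if "(file missing)" in body:
        flags.append("target reported as (file missing)")
    if section == "O4":
        m = O4_RUN_RE.match(body)
        # A Run command with no directory is resolved through the search
        # path, so the log alone does not say which file actually starts.
        if m and "\\" not in m.group(2):
            flags.append("Run command has no directory path")
    return flags


def triage(logs):
    """logs: {account: log text}. Return findings for entries that are not
    present in every account's log, or that carry a review flag."""
    seen = defaultdict(set)
    for account, text in logs.items():
        for item in parse_items(text):
            seen[item].add(account)
    findings = []
    for (section, body), accounts in sorted(seen.items()):
        flags = review_flags(section, body)
        if len(accounts) == len(logs) and not flags:
            continue  # identical in every account and unremarkable
        findings.append({
            "entry": f"{section} - {body}",
            "accounts": sorted(accounts),
            # Assumption: HijackThis marks per-user registry data with HKCU.
            "scope": "per-user" if "HKCU" in body else "machine-wide",
            "flags": flags,
        })
    return findings


# Constructed sample logs in the HijackThis v1.99.1 line format.
COMMON = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://oem.example/
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\av.exe" /s
O4 - HKCU\..\Run: [Messenger] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: ExampleNotifier - ExNotify.dll (file missing)
"""
SAMPLE_LOGS = {
    "user_a": COMMON + r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-a.example/
""",
    "user_b": COMMON + r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-b.example/
O4 - HKCU\..\Run: [Example Helper] helper32.exe
O9 - Extra button: ExampleTool - {00000000-0000-0000-0000-000000000000} - C:\Program Files\ExampleTool\tool.exe (file missing) (HKCU)
""",
}

if __name__ == "__main__":
    for f in triage(SAMPLE_LOGS):
        print(f["scope"], ",".join(f["accounts"]), "|", f["entry"])
        for flag in f["flags"]:
            print("    review:", flag)
```

Machine-wide entries (HKLM, services, Winlogon Notify) repeat in every account's log, so only the per-user differences need a fresh look for each additional account.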
  • edited March 2006
    These are the logfiles from the two other accounts that are the most used. Thanks for offering to look at them.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:01:14 PM, on 3/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Documents and Settings\Lizzie\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106421667875
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    Logfile of HijackThis v1.99.1
    Scan saved at 4:03:16 PM, on 3/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Documents and Settings\Callie\Desktop\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baylorschool.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106421667875
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Trogan London, UK
    edited March 2006
    Good news and bad news.

    Good news first.
    The second log is clean.

    Bad news:
    The first log is infected with the nasty worm you had. Follow the instructions on Post #4 again for the other account.
  • edited March 2006
    This is the HijackThis log for the infected account; the ewido log is after it (Panda didn't report anything).
    Logfile of HijackThis v1.99.1
    Scan saved at 6:20:06 PM, on 3/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\Lizzie\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106421667875
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    ewido anti-malware - Scan report

    + Created on: 5:24:32 PM, 3/30/2006
    + Report-Checksum: 51252ACF

    + Scan result:

    HKU\S-1-5-21-1357496610-1313397016-2601317690-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78653A3E-A63F-42A9-A6FE-7524F4058767} -> Adware.Virtumonde : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Callie\Application Data\Mozilla\Firefox\Profiles\26b79qm6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup


    ::Report End

    I hope this account is alright now.
  • Trogan London, UK
    edited March 2006
    Good Job!

    Last thing to note. If you use WeatherBug, that's fine. If not, then please uninstall it from Add/Remove Programs. Then, remove the following with HJT:

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    Find and Delete this folder:

    C:\Program Files\AWS << this folder


    Apart from that the logs are clean!


    Now that your PC is clean you need to follow these easy steps to keeping it this way:

    Secure your Internet Explorer by going here and following the instructions there.

    Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera, which in my opinion is better still.

    Use a firewall to help prevent your PC's control being usurped by undesirables. If you don't have a firewall, then choose ONE below.

    Zone Alarm
    Sygate
    Sunbelt Kerio PF

    Install an anti-virus. There are some good, free AVs available today. Make sure that it is updated regularly and have it scan your system often. If you don't have one, choose ONE from below.

    Nod32
    AVG Free Edition
    AntiVir
    avast! 4 Home Edition

    Install and keep updated Ad-Aware SE and Spybot Search & Destroy.
    Run them both on a regular basis, following the manufacturer's recommendations.

    Install and keep updated SpywareBlaster and SpywareGuard.

    Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

    Clear your Temp folders.
    Go to Start > Control Panel > Internet Options.
    Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Click the Delete Cookies... button and press OK.

    Also, go to Start > Find/Search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

    Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

    Clear out temp files from the following location. Change "username" to whatever you have on your computer.

    C:\Documents and Settings\username\Local Settings\Temp\

    In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

    Empty the Recycle Bin.


    It is very important that system files and folders are hidden again, so that they DO NOT get deleted by mistake.

    Windows XP
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading, make sure that the option Do not show hidden files and folders is selected.
    * Make sure there is a TICK next to the Hide protected operating system files (recommended) option.
    * Click Apply to confirm.
    * Click OK.


    For XP users.
    After something like this it is a good idea to Flush the Restore Points and start fresh.
    To flush the XP system Restore Points.

    Go to Start | Run | type msconfig | Press Enter.

    When msconfig opens, click the Launch System Restore Button.
    On the next page, click the System Restore Settings link on the left.

    Check the box labelled 'Turn off System restore'.

    Reboot! Go back in and Turn System Restore Back on. A new Restore Point will be created.

    Note that all previous restore points will be lost.

    ===============

    If you have any more problems, post back.
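An added example (not part of the original thread and not code from HijackThis): a small parser for the HijackThis entry lines posted above. It lists the entries that appear in one account's log but not the other and marks those whose target is reported as `(file missing)`, as with the WeatherBug O9 line. The sample lines are excerpts from the two logs in this thread; the function and variable names are illustrative.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Section codes HijackThis 1.99.x puts in front of each entry
# (R0-R3, F0-F3, N1-N4, O1-O24), followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")

# Excerpt of the log run from Callie's desktop (lines taken from this thread).
LOG_CALLIE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baylorschool.org/
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Excerpt of the log run from Lizzie's desktop (lines taken from this thread).
LOG_LIZZIE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

def parse_entries(log_text):
    """Return the R/F/N/O entries of a log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def file_missing(entries):
    """Entries whose referenced file HijackThis could not find on disk."""
    return [e for e in entries if "(file missing)" in e.body]

def only_in_second(first, second):
    """Entries of `second` absent from `first` (paths compared case-insensitively)."""
    seen = {(e.code, e.body.lower()) for e in first}
    return [e for e in second if (e.code, e.body.lower()) not in seen]

def triage(first_log, second_log):
    """Per-account differences, plus the subset that points at a missing file."""
    first, second = parse_entries(first_log), parse_entries(second_log)
    new = only_in_second(first, second)
    return {"new": new, "new_and_missing": file_missing(new)}

if __name__ == "__main__":
    report = triage(LOG_CALLIE, LOG_LIZZIE)
    for e in report["new"]:
        flag = "  <-- target file missing" if e in report["new_and_missing"] else ""
        print(f"{e.code:>3}  {e.body}{flag}")
```

A `(file missing)` entry is a leftover registry reference rather than proof of infection; it is a candidate for cleanup once the program it belonged to is confirmed removed.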

