ericagm

August 18, 2008

Thanks SO much for ALL your help!!

August 14, 2008

I couldn't figure out how to view the log. Here is what I got:

8/11/2008 3:21:30 AM:437

Immunizer Results

ActiveX section has been immunized. No items were processed.

8/11/2008 9:24:05 AM:0

Immunizer Results

ActiveX section has been immunized, Processed 2 items.

8/11/2008 1:41:41 PM:750

Service Stopped

Spyware Doctor Service Application Stopped

8/11/2008 1:43:26 PM:140

Service Started

Spyware Doctor Service Application started

8/11/2008 1:43:26 PM:156

OnGuards status

All OnGuards were Enabled

8/11/2008 1:43:26 PM:906

Immunizer Results

ActiveX section has been immunized. No items were processed.

8/11/2008 1:43:34 PM:843

Scan Started

Scan Type - Full Scan

8/11/2008 1:43:34 PM:843

Startup Scan

Initialising Startup Scan:Full scan of this computer

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_872265 .statcounter.com

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VID .yadro.ru

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2410742 .statcounter.com

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2704265 .statcounter.com

8/11/2008 1:44:47 PM:515

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_1228341 .statcounter.com

8/11/2008 1:44:48 PM:15

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fobbcox7Ceglcmac .2o7.net

8/11/2008 1:44:48 PM:15

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_gijrkx7C .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_gijupe .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fx60ejdhj .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fhkpwjv .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_bx7Bhx7Fx7Eybnfx23nbx60 .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_mkikx7Eiixxebkx7F .2o7.net

8/11/2008 1:44:48 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_zfowgx60zkx7Ccgocg .2o7.net

8/11/2008 1:44:48 PM:125

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .kango.112.2o7.net

8/11/2008 1:44:48 PM:437

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ACOOKIE statse.webtrendslive.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - recentviewslr .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - k .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - visitorId .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - rvd .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - prf .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - _jsen1 .nextag.com

8/11/2008 1:44:48 PM:500

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - recentview .nextag.com

8/11/2008 1:44:48 PM:703

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - HumanClickACTIVE server.iad.liveperson.net

8/11/2008 1:44:48 PM:703

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - HumanClickID server.iad.liveperson.net

8/11/2008 1:44:48 PM:843

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - XCLGFbrowser .com.com

8/11/2008 1:44:48 PM:843

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .ice.112.2o7.net

8/11/2008 1:44:49 PM:31

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VISID counter.hitslink.com

8/11/2008 1:44:49 PM:687

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrSCD www.bluemountain.com

8/11/2008 1:44:49 PM:687

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrOSSID www.bluemountain.com

8/11/2008 1:44:49 PM:687

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - mc_p .bluemountain.com

8/11/2008 1:44:49 PM:687

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrSSID www.bluemountain.com

8/11/2008 1:44:49 PM:890

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - buzz466 www.buzztone.com

8/11/2008 1:44:50 PM:312

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - id .doubleclick.net

8/11/2008 1:44:50 PM:734

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - lsn_statp .linksynergy.com

8/11/2008 1:44:50 PM:734

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - lsn_track .linksynergy.com

8/11/2008 1:44:51 PM:375

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - HumanClickID sales.liveperson.net

8/11/2008 1:44:51 PM:921

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .mohg.112.2o7.net

8/11/2008 1:44:51 PM:937

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .viamtvcom.112.2o7.net

8/11/2008 1:44:52 PM:140

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - NC1U www3.addfreestats.com

8/11/2008 1:44:52 PM:203

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .avgtechnologies.112.2o7.net

8/11/2008 1:44:52 PM:281

Infection was detected on this computer

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - HISTORY .adultfriendfinder.com

8/11/2008 1:44:52 PM:281

Infection was detected on this computer

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - ffadult_tr .adultfriendfinder.com

8/11/2008 1:44:52 PM:625

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .webxites.122.2o7.net

8/11/2008 1:44:52 PM:765

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .warnerbros.112.2o7.net

8/11/2008 1:44:53 PM:0

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .saksfifthavenue.122.2o7.net

8/11/2008 2:11:58 PM:875

Immunizer Results

ActiveX section has been immunized. No items were processed.

8/11/2008 2:32:54 PM:250

Scan Finished

Scan Type - Full Scan

Items Processed - 288187

Threats Detected - 3

Infections Detected - 46

Infections Ignored - 0

8/11/2008 2:36:31 PM:937

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - NC1U www3.addfreestats.com

8/11/2008 2:36:31 PM:968

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - lsn_track .linksynergy.com

8/11/2008 2:36:31 PM:984

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - lsn_statp .linksynergy.com

8/11/2008 2:36:32 PM:31

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - XCLGFbrowser .com.com

8/11/2008 2:36:32 PM:31

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - HumanClickID server.iad.liveperson.net

8/11/2008 2:36:32 PM:46

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - HumanClickACTIVE server.iad.liveperson.net

8/11/2008 2:36:32 PM:78

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - recentview .nextag.com

8/11/2008 2:36:32 PM:93

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - _jsen1 .nextag.com

8/11/2008 2:36:32 PM:93

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - prf .nextag.com

8/11/2008 2:36:32 PM:93

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - rvd .nextag.com

8/11/2008 2:36:32 PM:93

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - visitorId .nextag.com

8/11/2008 2:36:32 PM:109

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - k .nextag.com

8/11/2008 2:36:32 PM:109

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - recentviewslr .nextag.com

8/11/2008 2:36:32 PM:125

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_1228341 .statcounter.com

8/11/2008 2:36:32 PM:140

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2704265 .statcounter.com

8/11/2008 2:36:32 PM:140

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2410742 .statcounter.com

8/11/2008 2:36:32 PM:140

Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_872265 .statcounter.com

8/11/2008 2:36:32 PM:375

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .saksfifthavenue.122.2o7.net

8/11/2008 2:36:32 PM:375

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .warnerbros.112.2o7.net

8/11/2008 2:36:32 PM:421

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .webxites.122.2o7.net

8/11/2008 2:36:32 PM:421

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .avgtechnologies.112.2o7.net

8/11/2008 2:36:32 PM:421

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .viamtvcom.112.2o7.net

8/11/2008 2:36:32 PM:484

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .mohg.112.2o7.net

8/11/2008 2:36:32 PM:484

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - HumanClickID sales.liveperson.net

8/11/2008 2:36:32 PM:484

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - id .doubleclick.net

8/11/2008 2:36:32 PM:515

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - buzz466 www.buzztone.com

8/11/2008 2:36:32 PM:515

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrSSID www.bluemountain.com

8/11/2008 2:36:32 PM:578

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - mc_p .bluemountain.com

8/11/2008 2:36:32 PM:578

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrOSSID www.bluemountain.com

8/11/2008 2:36:32 PM:578

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ClrSCD www.bluemountain.com

8/11/2008 2:36:32 PM:593

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VISID counter.hitslink.com

8/11/2008 2:36:32 PM:671

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .ice.112.2o7.net

8/11/2008 2:36:32 PM:687

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ACOOKIE statse.webtrendslive.com

8/11/2008 2:36:32 PM:687

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi .kango.112.2o7.net

8/11/2008 2:36:32 PM:718

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_zfowgx60zkx7Ccgocg .2o7.net

8/11/2008 2:36:32 PM:718

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_mkikx7Eiixxebkx7F .2o7.net

8/11/2008 2:36:32 PM:734

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_bx7Bhx7Fx7Eybnfx23nbx60 .2o7.net

8/11/2008 2:36:32 PM:781

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fhkpwjv .2o7.net

8/11/2008 2:36:32 PM:796

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fx60ejdhj .2o7.net

8/11/2008 2:36:32 PM:796

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_gijupe .2o7.net

8/11/2008 2:36:32 PM:796

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_gijrkx7C .2o7.net

8/11/2008 2:36:32 PM:796

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net

8/11/2008 2:36:32 PM:875

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fobbcox7Ceglcmac .2o7.net

8/11/2008 2:36:32 PM:937

Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VID .yadro.ru

8/11/2008 2:36:33 PM:593

Infection cleaned

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - ffadult_tr .adultfriendfinder.com

8/11/2008 2:36:33 PM:593

Infection cleaned

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - HISTORY .adultfriendfinder.com

8/11/2008 2:36:39 PM:62

Infections Quarantined/Removed Summary

Quarantined - 0

Quarantine Failed - 0

Removed - 46

Remove Failed - 0

8/11/2008 3:02:41 PM:671

Immunizer Results

ActiveX section has been immunized. No items were processed.

8/11/2008 6:00:20 PM:625

Scan Started

Scan Type - Intelli-Scan

8/11/2008 6:00:20 PM:687

Scheduled task started

Initializing Scheduled task: Intelli-Scan of this computer

8/11/2008 6:00:41 PM:218

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_872265 .statcounter.com

8/11/2008 6:00:41 PM:281

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - VID .yadro.ru

8/11/2008 6:00:41 PM:281

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2410742 .statcounter.com

8/11/2008 6:00:41 PM:281

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_2704265 .statcounter.com

8/11/2008 6:00:41 PM:281

Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - session_1228341 .statcounter.com

8/11/2008 6:00:41 PM:828

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_fobbcox7Ceglcmac .2o7.net

8/11/2008 6:00:41 PM:828

Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - s_vi_x60x7Dyqx60fubqxxuzpxxqx7Dgafq .2o7.net

August 11, 2008

I haven't heard the random sound clips yet!!! phew! I re-ran Spy Doctor and it said I had A LOT of infected files with Application.TrackingCookies, Adware.Advertising, and Spyware.Known_Bad_Sites. Is this the same issue? or something completely different? I click to Clean the files, but every time I re-scan, files continue to be infected. I'm not sure if this is related to my previous problem??

August 10, 2008

When I reran Hijack This, these did not show up:

O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)

O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)

O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)

O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)

O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)

O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe (file missing)

Last night I didn't restart my computer, so I'm thinking that I needed to reboot my computer in order for the cleaning to take effect. ?

Here is my new log (all clean?):

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:13:42 PM, on 8/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Trend Micro\Antivirus\pccguide.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--

End of file - 11210 bytes

August 10, 2008

OTMoveIT2 Log:

Explorer killed successfully

Service not present: afinding.

Service not present: macidwe.

Service not present: NOBICYT.

Service not present: perfs.

Service not present: routing.

Service not present: sobicyt.

Service not present: tdxdowkc.

Service not present: wserving.

C:\WINDOWS\system32\AFinding.exe moved successfully.

C:\WINDOWS\system32\macidwe.exe moved successfully.

C:\WINDOWS\system32\Nobicyt.exe moved successfully.

C:\WINDOWS\system32\perfs.exe moved successfully.

C:\WINDOWS\system32\routing.exe moved successfully.

C:\WINDOWS\system32\sobicyt.exe moved successfully.

C:\WINDOWS\system32\tdxdowkc.exe moved successfully.

C:\WINDOWS\system32\WServing.exe moved successfully.

Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08102008_045554

Updated Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:57:43 AM, on 8/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AFinding.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\macidwe.exe

C:\WINDOWS\system32\Nobicyt.exe

C:\WINDOWS\system32\perfs.exe

C:\WINDOWS\system32\routing.exe

C:\WINDOWS\system32\sobicyt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Trend Micro\Antivirus\pccguide.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\WINDOWS\system32\tdxdowkc.exe

C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\WServing.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\EricaGM\Desktop\OTMoveIt2.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe