Spybot freezing at CoolWWWSearch



AingeaL73
2007-02-17, 17:24
I've been having problems with my computer for about a month. It runs very slowly, and I have to restart it repeatedly just to get work done. When I run Spybot, it freezes at CoolWWWSearch every time. I also have CWS Shredder, which tells me I don't have CoolWWWSearch. What is going on?

When I try to run an online scan, it just makes my computer freeze. After trying this 4 times I've given up. I hope it's okay that I don't have the results from that, because the computer keeps freezing.

HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 10:23:54 AM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\AOL\1103318930\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adelphia HSAgent\bin\tgcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
c:\program files\common files\aol\1103318930\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\common files\aol\1103318930\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinAce\WinAce.exe
C:\Documents and Settings\Annie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [C9] C:\documents and settings\annie\local settings\temp\C9.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103318930\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Advisor - {A2C3AAB5-2BCC-4B78-A697-70B1235C7039} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-6.0.2.21/superbingo/superbingo-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.8.4.51/lottso/lottso-en_US.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154037993843
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_0.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

AingeaL73
2007-02-18, 23:16
Just an update....Firefox keeps crashing. I basically have been restarting my computer every 30 minutes or so.

AingeaL73
2007-02-19, 22:15
Sorry to keep adding new replies, but I don't see an Edit button anywhere.
I was able to do an online scan, here are the results:


Scan Results: Scan Completed. 66581 files scanned. No viruses found.

File Infection Status Path
- No Infections

pskelley
2007-02-19, 23:08
Welcome to the forum, I don't see anything that should be causing this many problems, but you never know, let's start like this.

1) Open HijackThis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

2) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm

3) Your Java program is out of date and a security risk, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_03\ <<< out of date, download the newest version and uninstall all old versions in Add Remove Programs.

4) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

5) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

6) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

7) I can't get a good read on this one: C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
Looks to be an anti-spyware program from Trend Micro and it may block us also, turn it off until you run the fix.

8) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessen...search/ie.html
O4 - HKLM\..\Run: [C9] C:\documents and settings\annie\local settings\temp\C9.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...ll/Coupons.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

9) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\documents and settings\annie\local settings\temp\ <<< open that Temp folder and delete the contents (NOT THE FOLDER)

10) Follow the instructions in this link to update and run AVG Anti-Spyware (which you have onboard)
Make sure you delete or at least quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

11) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the scan report from AVG Anti-Spyware, the uninstall list, a new HJT log and your comments.

Thanks
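
An added example, not part of the thread and not HijackThis's own logic: a small triage pass over HijackThis log lines that surfaces the kinds of entries selected in step 8, such as an autorun launching from a Temp folder, an executable sitting directly in the Startup folder, and entries marked "(file missing)". The sample lines are copied from the log posted above; the three heuristics and all function names are assumptions chosen for illustration, and a hit is a prompt for manual review, not a verdict.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C9] C:\documents and settings\annie\local settings\temp\C9.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    item: str    # value name, startup item, or the whole entry body
    reason: str  # why the heuristic flagged it


# "<code> - <body>", where code is a letter plus one or two digits (R1, O4, O23).
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(
    r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O4 Startup-folder items: "Startup: item" or "Global Startup: item"
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<item>.+)$")
# Unquoted command: take everything up to the first executable-looking suffix.
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp|temporary internet files)\\", re.I)
EXECUTABLE_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


def executable_of(cmd: str) -> str:
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_RE.match(cmd)
    if match:
        return match.group(1)
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(log_text: str) -> List[Finding]:
    """Flag log entries that deserve a closer look (assumed heuristics)."""
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # header lines and the running-process list
        code, body = line.group("code"), line.group("body")
        if code == "O4":
            run = RUN_RE.match(body)
            startup = STARTUP_RE.match(body)
            if run and TEMP_RE.search(executable_of(run.group("cmd"))):
                findings.append(Finding(
                    code, run.group("name"),
                    "autorun launches from a temp directory"))
            elif startup:
                item = startup.group("item")
                # Shortcuts appear as "name.lnk = target"; a bare executable
                # name means the file itself was placed in the Startup folder.
                if " = " not in item and item.lower().endswith(EXECUTABLE_SUFFIXES):
                    findings.append(Finding(
                        code, item,
                        "executable placed directly in the Startup folder"))
        if "(file missing)" in body:
            # Leftover registration; often benign, still worth reviewing.
            findings.append(Finding(
                code, body, "registered target is missing on disk"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code}: {finding.reason}: {finding.item}")
```
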

AingeaL73
2007-02-20, 05:17
HJT is now in its own folder, C:\HJT\HijackThis.exe.

I removed my old version of Java, and started installing the new one. My computer froze halfway through, and I had to manually restart it. Now, I am trying to remove the "halfway version" so I can download the whole thing, and every time I try to uninstall it, I get a message that says "Fatal error during installation." If I try to install it WITHOUT uninstalling it, it tells me to uninstall first.

Should I continue with the steps, or wait until I can download Java?



Here is my uninstall list:

Ad-Aware SE Personal
Adelphia High-Speed Internet Self Care
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
Adobe SVG Viewer 3.0
AIDA32 v3.50
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Software Update
AVG Anti-Spyware 7.5
BitLord 1.1
Canon MP Drivers
Coloreal
Compaq Advisor
Compaq SetRefresh
CompuServe 2000
DirectX Media Runtime 5.1
Easy Access Button Support
Encarta Online
Express Burn
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
InterActual Player
InterVideo Installer
InterVideo WinDVD
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 3
Jewel Quest (remove only)
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Logitech IM Video Companion
Logitech ImageStudio
Logitech Print Service
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 6.0
Microsoft XML Parser and SDK
ModemXpert
Mozilla Firefox (2.0.0.1)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Nero Media Player
NeroVision Express 2
NETGEAR WG111 Software
NetWaiting
Network Play System (Patching)
Norton AntiVirus 2002
NVIDIA Windows 2000/XP Display Drivers
NVIDIA Windows 2000/XP nForce Drivers
Paint Shop Pro 7 Anniversary Edition
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shockwave
SoulSeek Client 156c
Spybot - Search & Destroy 1.4
Trend Micro Anti-Spyware
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Ultimate Game Pak
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
WexTech AnswerWorks
WinAce Archiver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinZip
Yahoo! Messenger
Yahoo! Toolbar

pskelley
2007-02-20, 13:02
Please continue with the balance of the instructions. It may be that file running from C:\documents and settings is causing all of the issues?

Might as well look at the Uninstall list since you were nice enough to post it. I am looking for bad programs and security problems. It is a good chance for you to look for programs you no longer use to get rid of. That's your call, here is what I see.
Viewpoint Media Player: For your information, Viewpoint is installed by AOL probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint

As far as I can see, everything else looks ok. I'll post a little information from Java, perhaps once you have removed the junk and we give AVG Anti-Spyware and ATF-Cleaner a chance to clean what we can't see, you should be able to complete Java installation. If you can remove what you have done so far, do so and come back to Java later.

http://www.java.com/en/download/windows_xpi.jsp
http://www.java.com/en/download/manual.jsp
http://www.java.com/en/download/help/5000010800.xml
http://java.sun.com/j2se/1.4.2/docs/guide/deployment/installation/windows/iftw-update/faq.html
http://www.java.com/en/download/installed.jsp

Thanks

AingeaL73
2007-02-24, 19:39
Okay. Figured out how to fix Java on my own, did that. Uninstalled Viewpoint Media Player. Made files/folders visible. Downloaded ATF Cleaner to the desktop. Deactivated the "Resident Shield" from AVG. Turned off the Venus Spytrap from Trend Micro. Removed listed programs with HJT. Deleted contents of TEMP folder.

Will finish the rest in a minute..

AingeaL73
2007-02-24, 19:44
Oh, everything deleted from the TEMP folder except this:

Perflib_Perfdata_100

I have no idea what it is, but it says it's already running.

pskelley
2007-02-24, 20:08
Look at this topic:
http://forums.techguy.org/security/447626-trojan-vs-norton-antivirus.html
in post #2 on 05-Mar-2006 04:51 PM you will see the same item. We need to know what it is.
Use one or more of these free online scanners to find out:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

Post the results. Continue with the rest of the instructions. After you run ATF Cleaner in #11, then post the information I requested:

Restart the computer and post the scan report from AVG Anti-Spyware, the uninstall list, a new HJT log and your comments.

There is no need to post the uninstall list again.
Thanks

AingeaL73
2007-02-25, 05:47
You're clean!

Kaspersky Anti-Virus has not detected any viruses at this time in the file you submitted.

I ran the other two scanners just in case and they all say it's nothing.




Report from AVG scan...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:46:53 PM 2/24/2007

+ Scan result:



:mozilla.196:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.207:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.354:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.254:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.255:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.256:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.257:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.258:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.259:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.84:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.88:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.416:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.417:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.43:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.239:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.240:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.241:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.343:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.225:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.226:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.227:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.228:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.229:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.230:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.231:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.232:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.385:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.411:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned.
:mozilla.404:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.384:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.174:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.175:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.176:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.177:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.169:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.170:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.171:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.172:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.173:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.386:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.387:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.388:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.237:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.238:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.400:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.401:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.402:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.403:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.249:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.250:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.165:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.166:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.167:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.168:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.283:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.285:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.286:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.287:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.288:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.289:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.47:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.48:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.49:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.50:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.51:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.52:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.399:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.150:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.151:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.152:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.153:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.154:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.155:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.156:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.157:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.158:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.159:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.222:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.425:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.11:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.12:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.13:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.14:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.15:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.16:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.41:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.42:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.44:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.45:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.46:C:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\o5dmcbp5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end



Ran ATF cleaner and deleted everything.

AingeaL73
2007-02-25, 05:49
New HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 10:49:51 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\AOL\1103318930\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\program files\common files\aol\1103318930\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1103318930\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103318930\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {A2C3AAB5-2BCC-4B78-A697-70B1235C7039} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154037993843
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_0.ocx
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

AingeaL73
2007-02-25, 05:52
Oh, and if there is anything in the HJT log that isn't unsafe, but it's something that I don't need to run on the computer, could you please let me know so I can delete it? This is a 2002 system with other hard drives holding all my music, movies, etc. (They are not hooked up at this time and I have no problems with them, just this machine.) So anything I can get rid of that I don't need... well, that's what I'm looking to do. :bigthumb:


Thanks so much for all your help!

pskelley
2007-02-25, 11:40
Thanks for returning your information; your HJT log looks clean of malware. You are starting programs at every boot that you may not need and could access in Start > All Programs when you do. This information will explain.
http://netsquirrel.com/msconfig/

Some information to help you stop getting those junk cookies in Firefox:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

I suggest you do this: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley

AingeaL73
2007-02-25, 23:51
Thank you!