View Full Version : Malware Removal Help
antixcutie
2007-06-06, 11:26
I keep getting these pop ups, and i used spybot and adaware on it but after it removes it i go back onto internet explorer and the pops would come back immediately, also i try to block 3rd party cookies, but every time i turn on IE it turns back to accept all cookies i dont know why. it all happened after i tried to install something shady lol i thought it was a valid program but i after it installed i got the smitfraud and winagent32 things, but i managed to get rid of them i think
The cookies that come back are: Advertisement.com, DoubleClick, Avenue A., Zeto, and various others
This is my HJT log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:24:33 AM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Common Files\AOL\1147711924\ee\AOLSoftware.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Tammy Tran\My Documents\Installers\VundoFix.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.weather.com/weather/local/48187
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - F:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - F:\WINDOWS\system32\tfrltmme.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - F:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: (no name) - {9A853E36-4A35-4DBF-9C03-AD9423798E35} - (no file)
O2 - BHO: (no name) - {9D29496D-DBAC-BF6F-D17F-8BADABB07492} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B8013C6F-83FC-ED5F-D17F-8BADABB07596} - (no file)
O2 - BHO: (no name) - {B8051E67-D1AD-BE53-D17F-8BADABB07596} - (no file)
O2 - BHO: (no name) - {B89379D7-4B95-4BC7-9C80-C2F623A3697E} - (no file)
O2 - BHO: (no name) - {C6721C64-DDA8-BE63-D17F-8BADABB07596} - (no file)
O2 - BHO: (no name) - {C67C496F-8FF9-ED6F-D17F-8BADABB07596} - (no file)
O2 - BHO: (no name) - {E3544A6E-D7A9-BF5F-D17F-8BADABB07492} - (no file)
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - F:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] F:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] F:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] "F:\Program Files\Common Files\AOL\1147711924\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AVG7_CC] "F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - Winlogon Notify: ddcbbcd - ddcbbcd.dll (file missing)
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - F:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9072 bytes
pskelley
2007-06-07, 01:32
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Let me say first that cookies are a part of doing business on the web, see this information:
http://www.google.com/search?hl=en&defl=en&q=define:Cookies&sa=X&oi=glossary_definition&ct=title
Some cookies are required for security passwords, etc. and some website won't even work unless you allow their cookies. Having said that, here is how to control them.
Internet Explorer: http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx
Firefox: http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
Looks like you have been fighting a Vundo infection, here is some information about that junk:
Since there is a class action involving this one, you may want to view this information:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
http://www.youtube.com/watch?v=zBUZHiKhsog
http://msmvps.com/blogs/spywaresucks/search.aspx?q=winfixer+msn
http://www.revenews.com/wayneporter/archives/adware-spyware-greynets/getting_the_fix_on_winfixer_aol_network_now/
Let's clean the rest of the junk and see what happens, like this:
1) F:\Documents and Settings\Tammy Tran\My Documents\Installers\VundoFix.exe
Remove this and any under Vundofix files you have on the computer. If you ever need it again it would need to be downloaded fresh.
2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - F:\WINDOWS\system32\tfrltmme.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - F:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: (no name) - {9A853E36-4A35-4DBF-9C03-AD9423798E35} - (no file)
O2 - BHO: (no name) - {9D29496D-DBAC-BF6F-D17F-8BADABB07492} - (no file)
O2 - BHO: (no name) - {B8013C6F-83FC-ED5F-D17F-8BADABB07596} - (no file)
O2 - BHO: (no name) - {B8051E67-D1AD-BE53-D17F-8BADABB07596} - (no file)
O2 - BHO: (no name) - {B89379D7-4B95-4BC7-9C80-C2F623A3697E} - (no file)
O2 - BHO: (no name) - {C6721C64-DDA8-BE63-D17F-8BADABB07596} - (no file)
O2 - BHO: (no name) - {C67C496F-8FF9-ED6F-D17F-8BADABB07596} - (no file)
O2 - BHO: (no name) - {E3544A6E-D7A9-BF5F-D17F-8BADABB07492} - (no file)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
Trojan-Spy.Win32.Banker.to by Ikarus
O20 - Winlogon Notify: ddcbbcd - ddcbbcd.dll (file missing)
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
4) Don't confuse this with your antivirus program, in is another program completely. Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post. http://forums.security-central.us/showthread.php?t=3165
5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart the copmputer and post that scan results and a new HJT log. Tell me how the computer is running.
Thanks
antixcutie
2007-06-07, 05:48
Sweet niblets! Thanks! i started using IE just to check if things are going good and if i still get the pop ups, i surfed the internet for a few mins, cause it only takes a few mins to start poping up, and nothing has popped up yet so im crossing my fingers that it stays this way. THANK you very much for helping me and spending time to help me correct my problems :)
Heres my HJT File:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:41:04 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Common Files\AOL\1147711924\ee\AOLSoftware.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.weather.com/weather/local/48187
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - F:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - F:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] F:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] F:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] "F:\Program Files\Common Files\AOL\1147711924\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AVG7_CC] "F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - F:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8242 bytes
antixcutie
2007-06-07, 05:50
And heres the AVG Anti-Spyware Scan Report:
F:\HijackThis\backups\backup-20070606-194929-712.dll -> Adware.BHO : Cleaned.
F:\Program Files\iWin Games\iWinGamesHookIE.dll -> Adware.BHO : Cleaned.
[688] F:\PROGRA~1\IWINGA~1\IWINGA~1.DLL -> Adware.BHO : Cleaned.
HKLM\SOFTWARE\Classes\AppID\{FD452F78-C495-40A1-B5BD-D8A586CA7F23} -> Adware.RogueSuspect : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{17BB6D1C-BCD3-4667-B56D-ABBBD2230042} -> Adware.RogueSuspect : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{856D8ADB-99C3-4AEA-B294-E3FBDBC198CF} -> Adware.RogueSuspect : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{FF1AECC7-0C21-4B5F-BD3F-8D5B0BF042D9} -> Adware.RogueSuspect : Cleaned.
HKLM\SOFTWARE\Classes\Interface\{157BF1E5-C86C-48E7-ADCC-2890C45B63CE} -> Adware.RogueSuspect : Cleaned.
HKLM\SOFTWARE\Classes\Interface\{1A5D27ED-D7EC-4ED3-A631-64CAA8482D27} -> Adware.RogueSuspect : Cleaned.
HKLM\SOFTWARE\Classes\Interface\{C5B002C9-E508-4723-AB34-2AC6B5E3DC0E} -> Adware.RogueSuspect : Cleaned.
HKLM\SOFTWARE\Classes\TypeLib\{D89D48EF-8915-4729-954E-69F3C6C3F19E} -> Adware.RogueSuspect : Cleaned.
:mozilla.547:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.556:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.609:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
antixcutie
2007-06-07, 05:51
Continuation of scan report:
:mozilla.78:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.285:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.286:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.287:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.289:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.618:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.619:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.620:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.204:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.205:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.207:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.268:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.269:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.270:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.271:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.120:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.121:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.122:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.125:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.126:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.200:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.201:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.202:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.203:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.290:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.124:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.128:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.129:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.80:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.81:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.82:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.83:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.84:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.85:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.86:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.87:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.88:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.89:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.90:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.91:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.378:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.434:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.30:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.149:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.150:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.151:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.152:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.167:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.168:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.169:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.170:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.171:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.172:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.531:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.161:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.653:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@105-bmp.googleadservices[2].txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.28:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.29:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.397:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.443:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.546:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.257:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.258:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.370:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
antixcutie
2007-06-07, 05:51
even more! :
:mozilla.9:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.230:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.280:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.226:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.227:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.228:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.229:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.153:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.154:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.155:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.156:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.157:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.158:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.159:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.160:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.274:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.275:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.232:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.233:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.234:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.235:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.236:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.237:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.238:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.162:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.163:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.164:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.165:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.166:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.492:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.585:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.586:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.587:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.588:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.589:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.214:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.215:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.216:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.217:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.218:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.460:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.461:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.462:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.463:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.464:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.465:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.392:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.393:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.371:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.372:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.47:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.48:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.49:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.50:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
F:\Documents and Settings\Tammy Tran\Cookies\tammy_tran@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.173:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.174:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.175:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.176:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.177:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.178:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.179:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.180:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.148:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.576:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.577:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.578:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.579:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.580:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.38:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.281:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.100:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.101:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.102:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.103:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.104:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.105:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.106:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.402:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.407:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.411:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.412:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.413:F:\Documents and Settings\Tammy Tran\Application Data\Mozilla\Firefox\Profiles\yvth13m0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
PS MUCCH Thanks! :)
pskelley
2007-06-07, 13:50
Thanks for returning your information and the feedback. Your HJT log looks good and most of the junk AVG found were cookies you really should not be storing. Firefox manages cookies well, you just have to ask it to do so.
http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
Let's finish up like this: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam
AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.