View Full Version : Did I get everything?
GGryphon
2007-06-19, 03:41
I had found several badboys: TagASaurus, Virtumonde and more. I used several online programs suggested from this foam, not listing that I should just post here first :(.
I think i got everthing.
Could some one look over my HJT log and let me know?
Logfile of HijackThis v1.99.1
Scan saved at 8:23:47 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Logitech\G-series Software\LGDCore.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Logitech\G-series Software\LCDMon.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Problems\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/en/default.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {002A3E8E-411F-4BCA-99CB-9D74C9262BFE} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\wqqigcuq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\common files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Juice.lnk = D:\Program Files\Juice\Juice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joel\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://customer.voodoopc.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
One thing that has croped up during the intall of all the antivirus, I seam to have lost the ability to view several web pages in Fire fox.
I have lost Flash from the voodoopc.com website and some sites like comcast.net are showing up as unformates sites..
Thanks
pskelley
2007-06-20, 00:30
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Not sure what you did to those programs, exactly what programs did you run?
There is still some cleaning we need to do.
1) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.
2) Turn off TeaTimer, it will block chances we must make:
http://russelltexas.com/malware/teatimer.htm
3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {002A3E8E-411F-4BCA-99CB-9D74C9262BFE} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\wqqigcuq.dll (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
4) Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165
5) run cleanmgr
http://spyware-free.us/tutorials/cleanmgr/
6) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Restart and post the AVG Scan Report, the uninstall list, any information I reqested and a new HJT log.
Thanks
GGryphon
2007-06-21, 05:11
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:24:52 AM 6/20/2007
+ Scan result:
:mozilla.110:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.111:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.112:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.113:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.114:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.115:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.116:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.117:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.118:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.119:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.120:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.121:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.122:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.123:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.124:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.125:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.126:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.127:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.128:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.129:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.130:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.131:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.132:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.133:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.134:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.135:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.136:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.137:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.138:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.139:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.140:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.141:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.142:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.143:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.144:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.145:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.146:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.147:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.148:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.149:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.150:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.151:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.152:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.153:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.154:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.155:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.156:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.157:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.172:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.175:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.251:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.295:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.296:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.161:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.162:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.434:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Cnn : No action taken.
:mozilla.184:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Joel\Cookies\joel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.518:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.249:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.250:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.474:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Information : No action taken.
C:\Documents and Settings\Joel\Cookies\joel@searchportal.information[1].txt -> TrackingCookie.Information : No action taken.
:mozilla.96:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.97:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.98:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Joel\Cookies\joel@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.307:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.308:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.320:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Joel\Cookies\joel@www.paypal[2].txt -> TrackingCookie.Paypal : No action taken.
:mozilla.325:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.326:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.331:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.332:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.338:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.80:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.81:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.82:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.83:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.84:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.85:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.86:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.87:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.88:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.89:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.90:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.91:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.92:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.93:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.94:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Joel\Cookies\joel@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
:mozilla.345:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.346:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.347:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.348:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.349:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.490:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.491:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.350:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.351:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.352:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.353:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.354:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.362:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.363:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.364:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.365:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.366:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.435:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.381:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Toplist : No action taken.
:mozilla.382:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.383:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
GGryphon
2007-06-21, 05:12
:mozilla.384:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.385:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.386:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.388:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.333:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.334:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.335:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.336:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.337:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.107:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.426:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.427:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.428:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.429:C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\m1df3c1j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
D:\Program Files\World of Warcraft\BackgroundDownloader.exe -> Trojan.WOW.rg : No action taken.
D:\Program Files\World of Warcraft\WoW-2.0.12.6546-to-2.1.0.6692-enUS-downloader.exe -> Trojan.WOW.rg : No action taken.
D:\Program Files\World of Warcraft\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe -> Trojan.WOW.rg : No action taken.
D:\Program Files\World of Warcraft\WoW-2.1.0.6729-to-2.1.1.6739-enUS-downloader.exe -> Trojan.WOW.rg : No action taken.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 9:32:54 AM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Logitech\G-series Software\LGDCore.exe
D:\Program Files\Logitech\G-series Software\LCDMon.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Problems\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/en/default.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\common files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Juice.lnk = D:\Program Files\Juice\Juice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joel\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://customer.voodoopc.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
GGryphon
2007-06-21, 05:13
Uninstall list
1701 A.D.
3D Design PRO
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Setup
Adobe Stock Photos 1.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
AGEIA PhysX v6.11.01
AMD Athlon 64 Processor Driver
Apple Software Update
Army Builder V3.1c
a-squared Free 2.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Auctioneer AddOns
AVG Anti-Spyware 7.5
Black & White® 2
Caesar IV Demo
City of Villains/City of Heroes (remove only)
CivCity
ColorCache 3.5.3.0
Comcast High-Speed Internet Install Wizard
Cool & Quiet
Creative System Information
Dawn of War - Dark Crusade
Dawn Of War - Winter Assault
DawnOfWar
Dungeons & Dragons Online™: Stormreach™ Trial v05.01.30.48
Feeding Frenzy Deluxe 5.7.18.1
FilePlanet Download Manager 2.0.1
Galactic Civilizations II
Google Earth
Google SketchUp 6
Google SketchUp 6
GPGNet
Guild Wars
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IGN Download Manager 2.2.1
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1
Jewel Quest (remove only)
Jewel Quest Solitaire (remove only)
Kaspersky Anti-Virus 6.0
Kaspersky Online Scanner
Logitech G-series Keyboard Software
Logitech iTouch Software
Logitech MouseWare 9.78
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Windows Media Video 9 VCM
Monitor Calibration Wizard 1.0
Mozilla Firefox (1.5.0.12)
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser
MSXML4 Parser
Neverwinter Nights 2
Oblivion
Oblivion mod manager beta 4e
OpenAL
Pirates CSG Online
PowerDVD
QuickTime
RCT3 Soaked
Real Alternative 1.44
RealPlayer
RollerCoaster Tycoon® 3
Runtime Files Pack 3
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Segmented Project Planner
Sid Meier's Civilization 4
Sid Meier's Pirates!
Sid Meier's Railroads!
Sims2Pack Clean Installer
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Supreme Commander
Sword of the Stars
TeamSpeak 2 RC2
The Guild 2 - Demo
The Lord of the Rings Online™: Shadows of Angmar™ v07.11.30.50
The Movies(TM)
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 University
Titan Quest
UFO Extraterrestrials
UI Central 3.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Ventrilo Client
Viewpoint Media Player
Visual Basic 4 Runtime Files
VoodooPC VNC
War Front - Turning Point
Warhammer Mark of Chaos
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player 9 Series
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Woodturner PRO
World of Warcraft
WoW UI Designer
WoW UIManager
XML Marker version 1.1
xSIMS.de - 'The Sims 2' Nude Censor Remover v2.0
ZIP Reader 8.00.0018
ZoneAlarm
I wish i could give you exact details of what i did.... But I read the Before you Post before i posted not before i started mucking around trying to fix it on my own by trying to find similar problems.
Thanks again for the help!
pskelley
2007-06-21, 14:31
Thanks for returning your information, in the AVG scan you have chosen "No action taken" instead of delete, while they all appear to be cookies that you probably should not store anyway, I would delete them:
http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
Uninstall list:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
see this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
uninstall all old versions in add remove programs. Hackers use the old versions to exploit and infect you.
Viewpoint Media Player
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
I see no malware in the HJT log, I suggest you do this:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam
AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
GGryphon
2007-06-21, 21:28
Thank you very much for all your help
pskelley
2007-06-23, 13:56
As the problem appears to be resolved this topic has been closed.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.
Thanks...pskelley