Is my computer clean yet? It seems slow. Please check my log.



Sibley
2006-12-11, 20:03
Hi,

I have been working for about 5 days cleaning viruses, trojans and tons of spyware out of my computer.

Hoping that someone will analyze my hijackthis log. I don't have the computer smarts to do it and am scared to delete things that look bad to me in case they are vital to my computer's operation...

I ran spybot and adaware this morning. Panda a couple days ago as well as many others that I've installed and uninstalled. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 8:48:16 AM, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ann\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by

CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608

\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"

/startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1

\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 4.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet

g series\Bin\hpoavn07.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09

\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

(file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) -

http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) -

http://www.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -

http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -

http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4156EC68-BB80-4B06-B1FA-780C3DB183A6} (KyozouX Control) - http://my.kyozou.com/KyozouX.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -

http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) -

http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {9D5B6642-8C3F-4504-B2FC-42779ABAE4B9} (Snapfish File Upload ActiveX Control) -

http://www.yorkphoto.com/YorkUpload.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-

JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) -

http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7530-b327h-

quickenmedical__upgrade/rnl/java/RntX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -

http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?325
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608

\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus

6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common

Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe

pskelley
2006-12-11, 21:19
Hello and welcome to the forum. Please review the information in this link:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288

Please run the antivirus scan required in that link, and then post a new HJT log that is NOT formatted. Try unchecking "word wrap" in Format at the top of Notepad. Use "Post Reply" to stay in this same topic. I will then be able to take a look for you.

Thanks
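
The word-wrap damage that the reply above asks the poster to avoid can also be undone after the fact. As an added example (not part of the original thread and not a HijackThis feature), this Python script rejoins wrapped entries and summarizes them; the sample is an excerpt of the first log in this thread, and the function names and the join heuristic are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Excerpt of the word-wrapped HijackThis log from the first post in this thread.
WRAPPED_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608

\SiteAdv.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"

/startup
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

(file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-

JAVA/Secure/HPGetDownloadManager.ocx
"""

# Every entry starts with a section code (R0, O4, O16, ...) followed by " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - ")


def unwrap(text):
    """Rejoin entries that an editor's word wrap split across lines.

    Header and process-list lines before the first entry are skipped.
    Assumed heuristic: a fragment that starts with a backslash, or that
    follows a fragment ending in a hyphen with no space before it, was cut
    mid-token and is joined without a space; any other fragment was cut at
    a space and gets that space back.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines left behind by the wrapping
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            mid_token = line.startswith("\\") or (
                prev.endswith("-") and not prev.endswith(" -")
            )
            entries[-1] = prev + ("" if mid_token else " ") + line
    return entries


def summarize(entries):
    """Count entries per section and pull out two things a reviewer scans for:
    entries whose target file is gone and the hosts behind O16 DPF downloads."""
    by_section = Counter(ENTRY_START.match(e).group(1) for e in entries)
    file_missing = [e for e in entries if e.endswith("(file missing)")]
    dpf_hosts = [
        urlsplit(e.rsplit(" - ", 1)[-1]).hostname
        for e in entries
        if e.startswith("O16 - DPF:")
    ]
    return {
        "by_section": dict(by_section),
        "file_missing": file_missing,
        "dpf_hosts": dpf_hosts,
    }


if __name__ == "__main__":
    fixed = unwrap(WRAPPED_LOG)
    for entry in fixed:
        print(entry)
    print(summarize(fixed))
```

The rejoined entries match the corresponding lines of the unwrapped log posted later in the thread, which is a convenient check on the heuristic.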

Sibley
2006-12-12, 05:14
Boy. Sorry about that. I should not assume! Okay, I think I did it all except bit defender. Just couldn't get it (or me) to work.

I think I may be clean but I just don't know. I see a lot of unfamiliar and unwanted things in this log. I know I don't want turbolister, kyozou, or puzzle pirates. I'm assuming they are not harmful though...

Thanks so much for your patience and help.

Logfile of HijackThis v1.99.1
Scan saved at 7:09:38 PM, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThisLog\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 4.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4156EC68-BB80-4B06-B1FA-780C3DB183A6} (KyozouX Control) - http://my.kyozou.com/KyozouX.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {9D5B6642-8C3F-4504-B2FC-42779ABAE4B9} (Snapfish File Upload ActiveX Control) - http://www.yorkphoto.com/YorkUpload.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7530-b327h-quickenmedical__upgrade/rnl/java/RntX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?325
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe

Sibley
2006-12-12, 05:16
One more thing. Pop-ups from Kaspersky keep telling me that these files that I'm not familiar with are password protected. Could some type of hijacker have planted a password protected file on my computer?

pskelley
2006-12-12, 13:48
Thanks for returning your information. I don't see a whole lot in the HJT log.

Pop-ups from Kaspersky keep telling me that these files that I'm not familiar with are password protected. Could some type of hijacker have planted a password protected file on my computer?

Can you tell me what "these files" are? The name and location will help. If Kaspersky will give you a scan result, post it or copy/paste that information.
I should also say that these hackers can do about what they please, they have no rules and ignore the laws.

I do see this item:
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirate...GameLoader.dll
read this >>> http://www.castlecops.com/atxlist-1604.html
My suggestion would be to purchase the games and still read the eula carefully, or play them online. Downloading games is very dangerous.

I also see an out of date Java program, I would download the newest version and uninstall all old versions, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

You may want to get rid of this junk, Windows XP handles downloads well, but if you feel you need download help, there are free, safe programs out there.
Gamespot's "Download Manager" Hides Spyware, DRM
http://www.extremetech.com/article2/0,3973,365073,00.asp

Please see if you can provide me with more information if you still think you have hidden malware and update that Java. Let's clean a little and get rid of that junk.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

2) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/ra...gameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {4156EC68-BB80-4B06-B1FA-780C3DB183A6} (KyozouX Control) - http://my.kyozou.com/KyozouX.cab

(you can remove any O16 - DPF you are finished with, you would be prompted to put them back if you visit the site again)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

3) Let's have a look with this tool, follow the directions in the link to download, update and run:
http://forums.security-central.us/showthread.php?t=3165

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Post the results of AVG Anti-Spyware 7.5, a new HJT log and any information you can provide.

Thanks

Sibley
2006-12-12, 18:59
I am going through your steps. I definitely don't want gameloader. I have a hard time convincing the short people in my house that downloading games and clicking on cute pictures can hurt our computer. Anyway, I read in PC Magazine that the newest version of Zone Alarm has the highest amount of parental control settings. i.e. blocking downloads. When I get everything cleaned up I plan to re-install Zone Alarm and upgrade to the paid version.

Do you all like Zone Alarm--especially for that reason?

Is it okay to also remove the old Java updates?

Is it okay to remove all my old Adobe updates and versions? I've got about 6.

I didn't even realize that I had acquired a "new" download manager. I will remove all the O16's I don't use. I'm looking forward to lightening up!

I am going through the steps you requested right now. (Am running Kaspersky's scan and have asked them if there's a way to save a log.) I'll be back on completion. Thank you.

Sibley
2006-12-12, 19:32
I found this: empiresanddungeons_at.exe on my desktop. It's not listed in my Add/Remove Programs and I can't delete it. Says it's in use by another process...

I found a link to it at filemirrors(dot)com but was afraid to click on it and get possibly more bugs. I don't know what a filemirror is but it doesn't sound good.

pskelley
2006-12-12, 22:52
Please follow the directions I have posted for you, if you have done that, I appreciate the feedback and will do my best to respond and to answer your questions, but I cannot do this without the information I requested:


Post the results of AVG Anti-Spyware 7.5, a new HJT log and any information you can provide.

Please follow the directions and post an uninstall list also:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.


Thanks

Sibley
2006-12-13, 05:37
Okay, I've done it all. I'm trying to figure out what I should copy and paste out of the NEW AVG.

I'm betting on the Reports section. Here it is:
--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:56:22 PM 12/12/2006

+ Scan result:



HKU\S-1-5-21-4166307882-1809067083-516276246-1006_Classes\Interface\{8148A489-F54E-4D74-B6F3-81901D0AA54A}\TypeLib\\Version -> Adware.ActivityMonitor : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignored.
:mozilla.806:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\dokfsyxn.default\cookies.txt -> TrackingCookie.247realmedia : Ignored.
:mozilla.810:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\dokfsyxn.default\cookies.txt -> TrackingCookie.247realmedia : Ignored.
:mozilla.347:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\dokfsyxn.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.348:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\dokfsyxn.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.349:C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\dokfsyxn.default\cookies.txt -> TrackingCookie.2o7 : Ignored.

Sibley
2006-12-13, 05:38

Sibley
2006-12-13, 05:39
HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 7:39:17 PM, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ann\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 4.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {9D5B6642-8C3F-4504-B2FC-42779ABAE4B9} (Snapfish File Upload ActiveX Control) - http://www.yorkphoto.com/YorkUpload.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7530-b327h-quickenmedical__upgrade/rnl/java/RntX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?325
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

Sibley
2006-12-13, 05:43
Uninstall list. Thank you so much for your insights!!!!!! :wub:

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
Adobe Shockwave Player
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
AVG Anti-Spyware 7.5
Belarc Advisor 6.1
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon ZoomBrowser EX
CCleaner (remove only)
Chameleon Mega Camera Driver
Classic PhoneTools
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Digital Line Detect
Easy CD Creator 5 Basic
ebgcInfra
ebgcRes
ebgcSDK
eFax Messenger 3.5
Google Desktop
Google Gmail Notifier
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp officejet g series - 4
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_07
John Deere American Farmer TM v1.0
Kaspersky Anti-Virus 6.0
Macromedia Dreamweaver 3
Macromedia Fireworks 3
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
Modem Helper
Motherboard Monitor 5
Mozilla Firefox (1.5.0.8)
Mozilla Firefox (2.0)
Mshow Client
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH Jukebox
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OfotoNow
Panda ActiveScan
Panda ActiveScan Pro
PhotoParade Player
Picasa 2
QuickBooks Pro 2007
QuickBooks Product Listing Service
Quicken 2006
QuickTime
QuickTime for Windows (32-bit)
Reading Blaster Ages 6-9
RealPlayer Basic
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Shockwave
SimCity 4 Deluxe
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Viewpoint Media Player
Web Design Group HTML Reference
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

pskelley
2006-12-13, 12:58
Would you please run the AVG Anti-Spyware scan again? For some reason you ignored the junk. Use this tutorial and delete or at least quarantine what it locates, thanks.
http://forums.security-central.us/showthread.php?t=3165

See this link for download information (Java SE Downloads): http://java.sun.com/javase/downloads/index.jsp
For your information, click Start > Control Panel and look for the coffee cup. Click to open it and then click the updates tab. It will find the newest update for your computer.

Then uninstall these old versions in Add/Remove Programs.
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_07

Mozilla Firefox (1.5.0.8) <<< uninstall, you have version 2.0

Since you are running Kaspersky, I see no good reason to have these programs installed.
Panda ActiveScan
Panda ActiveScan Pro

Viewpoint Media Player <<< uninstall this one
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint

Logfile of HijackThis v1.99.1 Scan saved at 7:39:17 PM, on 12/12/2006

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/actives.../asproinst.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

You have some programs running that you may not need to boot every time; this information will help you with that.
http://netsquirrel.com/msconfig/

Do this now >>> System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Once you have completed the above instructions, and reviewed the information from the experts I posted, if you still have any questions, post them. Post a last HJT log for a final look also.

Thanks
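
The fix list in the post above mixes entries whose file is already gone ("(no file)", "(file missing)") with O16 downloaded ActiveX controls and O8 menu items. The following is an added example, not part of the original post and not HijackThis's own code, that parses such lines and groups them that way; `parse_line` and `triage` are hypothetical names, and the grouping is an assumption made for illustration.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the fix list in the post above (not constructed).
SAMPLE = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_line(line):
    """Parse one HijackThis entry line; return None for headers and other text."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID.search(body)
    # The last " - " separates the description from the file or URL target.
    target = body.rsplit(" - ", 1)[-1] if " - " in body else ""
    # Only O16 entries carry a download URL; record which host served the control.
    host = urlsplit(target).hostname if section == "O16" else None
    return {
        "section": section,
        "clsid": clsid.group(0).upper() if clsid else None,
        "target": target,
        "host": host,
        "orphaned": bool(ORPHAN.search(body)),
    }

def triage(text):
    """Group entries: orphaned leftovers, downloaded ActiveX (O16), everything else."""
    groups = {"orphaned": [], "activex": [], "other": []}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["orphaned"]:
            groups["orphaned"].append(entry)
        elif entry["section"] == "O16":
            groups["activex"].append(entry)
        else:
            groups["other"].append(entry)
    return groups
```

The output is only a reading aid for a log; deciding what to fix still needs the kind of review given in the post above.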

tashi
2006-12-20, 09:43
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.