Yep, new guy. Same old, same old.
octave440
2006-12-17, 00:53
If I knew anything, this site would be great. I'm assuming.
I know very little about computers. This site is full of "DO NOT POST HERE/ DON'T DO THIS..." warnings, so I don't know what's going on. I've got Spybot S&D (free version) and it detects (and doesn't delete) Altnet and Newdotnet, which I'm assuming are causing my service to occasionally stop (IE has encountered a problem...) I saw similar posts but they didn't match my problems to a T.
So I guess I'll take the computer to a computer repairman. So my questions:
How much will this cost? Are there any sites which never get viruses/spyware? Should I constantly delete my cookies, or constantly empty my recycle bin? Should I delete anything unnecessary? Anything at all is appreciated.
Simple questions yield simple answers, so don't get too technical please.
Thanks much in advance.
teacup61
2006-12-19, 06:20
Hello octave440,
Welcome to Safer Networking Forums :)
I understand your frustration here. If you'd like to give it a whirl before you take it to a repair shop, I'll help you, and I promise not to get any more technical than I have to ;)
* Click here (http://www.thespykiller.co.uk/files/HJTsetup.exe) to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Regards,
tea
octave440
2006-12-19, 18:10
Thanks in advance!
--------
Logfile of HijackThis v1.99.1
Scan saved at 11:08:32 AM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDqLpVXxUyHVo7XjsdactitfcVOlGeBBOUweMwdAgpRjQQ2B6Ch5qayxUeBllM+pc5eNlvbHNNsYfQR2vJC9AO8RXEnBSKRPH5U/bWJ/m7D/sgUC+DsKLGxiS/5YhmPFL9kRSjpb13oOk5UVTq342xCL/Yd+o/KwNAPWZTHwDxdy0=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.altnet.com/as/frame-reunion.htm?email=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145633621482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145633679998
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
----------
teacup61
2006-12-19, 18:39
Hello,
Before beginning, you may want to save these instructions to Notepad or print them out for easier reference.
First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:
· From a computer that has Internet access (yours in this case), click on the following link:
http://www.new.net/support/uninstall6_90.exe.
· Download and save uninstall6_90.exe to the Desktop.
· Go to the Desktop and double-click on uninstall6_90.exe
· Click on the OK button.
· After removal, you may be prompted to reboot. Please reboot even if not prompted.
Please download, install, and update AVG Anti-Spyware (formerly Ewido) (http://www.ewido.net/en/download/)
Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful"), close AVG. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.altnet.com/as/frame-reunion.htm?email=
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
Close all browsers and other windows except for HijackThis!, and click "Fix Checked".
Delete the following folder:
C:\Program Files\NewDotNet
In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)
Thanks,
tea
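A fresh HijackThis log taken after "Fix Checked" lets you confirm that the checked entries are really gone. As an added example (not part of the original thread, and not HijackThis's own code), the Python below compares the fix list from the post above with a later log, matching BHO and filter entries on their class ID and Run entries on their value name, so an item that re-registers under a different file path still counts as present. The "after" log is constructed for illustration and its changed file paths are placeholders.

```python
import re

# An entry line is a section code (R, F, N or O plus a number), " - ", then text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Autorun entries: registry location, colon, then the value name in brackets.
RUN_RE = re.compile(r"^(HK[^:]*): \[([^\]]+)\]")


def entry_key(code, body):
    """Identity of an entry that survives cosmetic changes between scans."""
    clsid = CLSID_RE.search(body)
    if clsid:                      # BHOs, toolbars, filters: COM class ID
        return (code, clsid.group(0).lower())
    run = RUN_RE.match(body)
    if run:                        # O4 autoruns: location plus value name
        return (code, run.group(1).lower(), run.group(2).lower())
    # Everything else (R1 values, O8 menu items): whole text, case-insensitive.
    return (code, " ".join(body.split()).lower())


def parse_log(text):
    """Map entry key -> original line. Header and process lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[entry_key(match.group(1), match.group(2))] = line
    return entries


def recheck(fix_list, new_log):
    """Return (removed, persisting) for the entries named in fix_list."""
    targeted = parse_log(fix_list)
    current = parse_log(new_log)
    removed = [line for key, line in targeted.items() if key not in current]
    persisting = [current[key] for key in targeted if key in current]
    return removed, persisting


# The six entries the helper asked to have checked, copied from the post above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.altnet.com/as/frame-reunion.htm?email=
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

# Constructed "after" log: two targeted entries are still registered, each
# pointing at a different (placeholder) file than before.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\renamed-example.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\example\placeholder.dll,ClientStartup -s
"""

if __name__ == "__main__":
    removed, persisting = recheck(FIX_LIST, AFTER_LOG)
    print(f"{len(removed)} targeted entries are gone")
    for line in persisting:
        print("STILL PRESENT:", line)
```

A plain text diff of the two logs would report both surviving entries as changed lines rather than as survivors, which is why the comparison keys on the class ID and the Run value name.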
octave440
2006-12-19, 21:59
I understood your directions very well. Before this thread, my Internet access would close whenever I closed a window, and now after following your directions, it is not doing that. (Excellent.) A few notes however:
When I reached "Delete the following folder: C:\Program Files\NewDotNet", I could not find that folder in the Program Files.
Also, when AVG scanned my computer, the window reached out further than my screen allowed (couldn't see the minimize/close buttons), so when it finished, I saved the report, pulled up the Windows Task Manager, and made the screen viewable. Then I found the words on the "Apply All Actions" button to be subdued (unclickable, light gray letters). Consequently, "All actions have been applied" could not be found anywhere. I don't know if these notes are relevant, but better safe than sorry.
(AVG report and HijackThis log to follow)
octave440
2006-12-19, 22:00
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:25:55 PM 12/19/2006
+ Scan result:
::Report end
octave440
2006-12-19, 22:00
Logfile of HijackThis v1.99.1
Scan saved at 2:39:55 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft
Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.5008
\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft
Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital
Imaging\bin\hpqimzone.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program
Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital
Imaging\bin\hpqSTE08.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ycomp/defaults
/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ycomp/defaults
/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://as.starware.com/dp/search?x=wKX1ILEOi+Vh
7AfA98Gm4Me69ZMbubcDqLpVXxUyHVo7XjsdactitfcVOlG
eBBOUweMwdAgpRjQQ2B6Ch5qayxUeBllM+pc5eNlvbHNNsY
fQR2vJC9AO8RXEnBSKRPH5U/bWJ/m7D/sgUC+DsKLGxiS/5
YhmPFL9kRSjpb13oOk5UVTq342xCL/Yd+o/KwNAPWZTHwDx
dy0=
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ycomp/defaults
/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpywareBot] C:\Program
Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe
/AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update
Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update]
C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe"
-quiet
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.5008
\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed
Launch.lnk = C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging
Monitor.lnk = C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast
Start.lnk = C:\Program Files\HP\Digital
Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk =
C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar
Reminders.lnk = ?
O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%\Network Diagnostic\xpnetdiag.exe (file
missing)
O9 - Extra 'Tools' menuitem:
@xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%\Network Diagnostic\xpnetdiag.exe (file
missing)
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger
- {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL]
International*
O16 - DPF:
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(YInstStarter Class) - C:\Program
Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF:
{6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5
Controls/en/x86/client/wuweb_site.cab?114563362
1482
O16 - DPF:
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/
V5Controls/en/x86/client/muweb_site.cab?1145633
679998
O20 - Winlogon Notify: WgaLogon -
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj -
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard -
Anti-Malware Development a.s. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server
(Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc)
- GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service
(NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite
Firewall (RP_FWS) - Unknown owner - C:\Program
Files\Verizon\Verizon Internet Security
Suite\fws.exe (file missing)
----------
Thanks again!
teacup61
2006-12-20, 03:24
Hello,
Good to know about the connection. :) After running the uninstaller the program was most likely removed.
Open AVG, click the settings tab at the top, click apply all actions, then choose clean (quarantine). Run AVG again. This time all those entries should be fixed. Please post the report in your reply, along with a new HijackThis log.
The current formatting of your log makes it difficult to read. Please open Notepad:
On top, click Format > uncheck Word Wrap.
Let me know how it's running. :)
Thanks,
tea
octave440
2006-12-20, 04:47
AVG report (part 1 of 2), HijackThis log to follow (both with unchecked Word Wrap):
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:41:51 PM 12/19/2006
+ Scan result:
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056560.dll -> Adware.404Search : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056534.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056535.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056536.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056537.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056538.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056540.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056541.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056542.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056558.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\kazaa_setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM.ADM.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM.ADM\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM.ADM\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\TBONBin\tboninst.cfg -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056544.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0055016.dll -> Adware.Comet : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4492 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4496 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4543 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1053 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1116 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1524 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1553 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1641 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\serenityfairy.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\sleepyhead.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\vangoghs_starrynight.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-746137067-308236825-725345543-1004\Dc123.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0054989.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0054990.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0054991.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0055050.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP173\A0055435.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP173\A0055448.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP195\A0056465.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056545.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056546.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056562.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_44.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056549.DLL -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056550.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\P2P Networking v1262.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP170\A0055074.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056519.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP168\A0054412.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP168\A0054413.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0055053.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\HTML -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\HTML\content.htm -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\HTML\main.htm -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\RXToolBar.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Cleaned with backup (quarantined).
(more to follow...)
octave440
2006-12-20, 04:47
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\additional.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\additional_active.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\background.jpg -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\blue_hr_horz.GIF -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\gray_hr_horz.GIF -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\thumbtack.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\thumbtack_active.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\thumbtack_click.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\rx.xml -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\rxtoolbar.cfg -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\rxwebsearches.xsl -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\sfcont.bin -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\sfcont.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\serenityfairy.zip\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\sleepyhead.zip\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareBot -> Adware.SpywareBot : Cleaned with backup (quarantined).
C:\Documents and Settings\Allen\Local Settings\Temporary Internet Files\Content.IE5\WYOGFR74\pop[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP164\A0053055.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Allen.USER-13D660B87E\Desktop\MISC. DESKTOP STUFF\Unused Desktop Shortcuts\GTR PRO\zzmonmon.zip/test33.exe -> Logger.Alexa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@saxosouthbend.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@wpni.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@redir.adengage[2].txt -> TrackingCookie.Adengage : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@downloaditnow.com.37807.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
(Hijackthis log to follow)
octave440
2006-12-20, 04:50
Logfile of HijackThis v1.99.1
Scan saved at 9:43:27 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDqLpVXxUyHVo7XjsdactitfcVOlGeBBOUweMwdAgpRjQQ2B6Ch5qayxUeBllM+pc5eNlvbHNNsYfQR2vJC9AO8RXEnBSKRPH5U/bWJ/m7D/sgUC+DsKLGxiS/5YhmPFL9kRSjpb13oOk5UVTq342xCL/Yd+o/KwNAPWZTHwDxdy0=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145633621482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145633679998
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
------
And that's it. :D:
I think. :sad:
teacup61
2006-12-20, 05:46
Hello,
Excellent job. :bigthumb: I sure can see why you were so frustrated. :eek: You forgot to tell me something, though... how is it running? I'd like to have another scan, please. This one is an online scan for viruses, different from AVG.
Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online http://www.pandasoftware.com/products/activescan.htm
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply together with a fresh HijackThis log.
Thanks,
tea
octave440
2006-12-20, 19:07
Incident Status Location
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@dist.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@atwola[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@bravenet[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@fortunecity[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@realmedia[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@tribalfusion[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@www48.seeq[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@ad.yieldmanager[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@burstnet[1].txt
octave440
2006-12-20, 19:09
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@c.enhance[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@com[2].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@counter.sexsuche[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@dist.belnk[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@fe.lea.lycos[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@offeroptimizer[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@searchportal.information[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@toplist[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@www.advnt01[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@www.burstbeacon[2].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@www.seeq[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@xiti[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\User\Cookies\user@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\User\Cookies\user@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\User\Cookies\user@adrevolver[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\User\Cookies\user@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\User\Cookies\user@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\User\Cookies\user@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\User\Cookies\user@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\User\Cookies\user@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\User\Cookies\user@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\User\Cookies\user@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\User\Cookies\user@azjmp[1].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\Documents and Settings\User\Cookies\user@bestoffersnetworks[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\User\Cookies\user@bluestreak[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\User\Cookies\user@btg.btgrab[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\User\Cookies\user@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\User\Cookies\user@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\User\Cookies\user@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\User\Cookies\user@cgi-bin[3].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\User\Cookies\user@cliks[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\User\Cookies\user@cs.sexcounter[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\User\Cookies\user@desktop.kazaa[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\User\Cookies\user@did-it[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\User\Cookies\user@ehg-dig.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\User\Cookies\user@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\User\Cookies\user@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\User\Cookies\user@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\User\Cookies\user@i.screensavers[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\User\Cookies\user@kmpads[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\User\Cookies\user@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\User\Cookies\user@microsofteup.112.2o7[1].txt
----
(more to follow)
octave440
2006-12-20, 19:09
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User\Cookies\user@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User\Cookies\user@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\User\Cookies\user@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\User\Cookies\user@revenue[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\User\Cookies\user@rn11[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\User\Cookies\user@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\User\Cookies\user@serving-sys[1].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\User\Cookies\user@sexlist[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\User\Cookies\user@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\User\Cookies\user@statse.webtrendslive[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\User\Cookies\user@target[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\User\Cookies\user@tickle[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\User\Cookies\user@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\User\Cookies\user@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt
Spyware:Cookie/Adlandpro Not disinfected C:\Documents and Settings\User\Cookies\user@www.adlandpro[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\User\Cookies\user@www.burstbeacon[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\User\Cookies\user@www3.addfreestats[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\User\Cookies\user@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\User\Cookies\user@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\User\Cookies\user@zedo[2].txt
Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\User\Local Settings\Temp\asmfiles.cab
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\User\Local Settings\Temp\p2psetup.exe
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0PEVOPIN\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0PEVOPIN\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\217KP8BA\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\8BBNISL1\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B3DJ3TSW\popup[1].htm
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\2.bin\N2PLUGIN.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\2.bin\NPND2FN.DLL
Potentially unwanted tool:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
-----
(end of this scan)
(HijackThis log to follow)
octave440
2006-12-20, 19:11
Logfile of HijackThis v1.99.1
Scan saved at 12:04:54 PM, on 12/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDqLpVXxUyHVo7XjsdactitfcVOlGeBBOUweMwdAgpRjQQ2B6Ch5qayxUeBllM+pc5eNlvbHNNsYfQR2vJC9AO8RXEnBSKRPH5U/bWJ/m7D/sgUC+DsKLGxiS/5YhmPFL9kRSjpb13oOk5UVTq342xCL/Yd+o/KwNAPWZTHwDxdy0=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145633621482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145633679998
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
---
(end of HJT)
My computer seems to be working well. I noticed "hacking toolkits" found by the Panda scan. I hope that's not as bad as it sounds.
teacup61
2006-12-20, 20:02
Hello,
Thanks for letting me know.
Please enable viewing of hidden files as follows:
1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked.
Navigate to and delete the following:
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0PEVOPIN
Also empty everything else in the Content.IE5 folder. Not the folder itself!
Rehide the hidden files and folders when you're done by reversing the process. :)
I'd like to see an uninstall list please. :)
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
Thanks,
tea
octave440
2006-12-20, 22:18
Although I was able to delete the contents of Content.IE5, I could not access or delete C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0PEVOPIN.
teacup61
2006-12-21, 19:36
Hello,
All right. :) Please post the uninstall list, and we'll take care of that entry next post.
octave440
2006-12-21, 21:15
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
AVG Anti-Spyware 7.5
AVG Free Edition
CivCity
EverQuest Platinum
GameShadow
Guitar Pro 4
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hoyle Table Games 2004
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 6.0
HP Photosmart Cameras 6.0
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.0
Kazaa 3.2.3
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
NVIDIA Drivers
Panda ActiveScan
RelevantKnowledge
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
sleepyhead.zip
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
vangoghs_starrynight.zip
Verizon Online Help & Support
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar
-----------
Thanks for your patience.
teacup61
2006-12-21, 23:46
Hello,
Thanks for that. :)
Click Start > Control Panel > Add/Remove Programs and uninstall the following, if present:
RelevantKnowledge
Kazaa 3.2.3 <---Not good. This is a huge risk for infection. I would suggest Kazaa Lite instead, if you must use a P2P program.
If you don't know what these are, then uninstall them as well:
sleepyhead.zip
vangoghs_starrynight.zip
Reboot your computer when you're done.
1) Please download the Killbox (http://www.killbox.net/downloads/KillBox.exe).
Save it to the desktop and run it.
2) Select "Delete on Reboot", and then select "All files".
3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0PEVOPIN
4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Let me know how this goes, and how your computer is running. :)
Thanks,
tea
octave440
2006-12-22, 00:54
Ok, the computer seems to be fine. I had just a little bit of trouble when I got to the ATF menu, but it appears that it all went well. Do I need to run another HJT log or anything?
Also, when all is said and done, should I delete all of these programs (HJT, ATF, AVG) from the computer? Should I also defragment after uninstalling so many programs?
Thanks.
teacup61
2006-12-22, 05:14
Hello,
Glad to know all went well, and all is running well. :)
Yes, a final HijackThis log would be nice, please. I wouldn't feel right just letting you go without one. You can keep ATF cleaner and use it periodically to clean and maintain your computer. AVG is a trial, which, in this case, means that when the trial is up you will no longer have the real time protection. You can still update and scan with it after that, if you like the program. :) HijackThis should probably go, Killbox, and any of the other specific little tools we used along the way.
Go ahead and defrag. It certainly won't hurt anything. ;)
Regards,
tea
octave440
2006-12-22, 05:20
Heeeere you go.
-------
Logfile of HijackThis v1.99.1
Scan saved at 10:19:27 PM, on 12/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDqLpVXxUyHVo7XjsdactitfcVOlGeBBOUweMwdAgpRjQQ2B6Ch5qayxUeBllM+pc5eNlvbHNNsYfQR2vJC9AO8RXEnBSKRPH5U/bWJ/m7D/sgUC+DsKLGxiS/5YhmPFL9kRSjpb13oOk5UVTq342xCL/Yd+o/KwNAPWZTHwDxdy0=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145633621482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145633679998
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
teacup61
2006-12-22, 07:25
Hello,
I feel better now. Looks great!
The following are not malware, but fixing them with HijackThis will improve your system's speed. None are necessary at startup, and may be started manually at any time. This is up to you. :)
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Close all browsers and other windows except for HijackThis!, and click "Fix Checked".
Reboot your computer.
Some excellent reading here: http://mvps.org/winhelp2002/unwanted.htm
If you have any questions, please feel free to ask. Otherwise Happy Holidays!
tea
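The O4 startup lines listed in the post above follow two fixed layouts (a registry Run key with a bracketed name, or a Startup folder shortcut with `name = target`), so a log like this one can be triaged mechanically. The Python below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the sample lines are copied from the log posted earlier in this thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                    # "O4 - ..."
RUN_KEY = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")     # registry autorun
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")    # Startup folder shortcut

def parse_entries(log):
    """Return (code, body) for each 'R0 - ...' style line; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]

def autoruns(entries):
    """Split O4 entries into (location, name, command-or-target)."""
    items = []
    for code, body in entries:
        m = (RUN_KEY.match(body) or STARTUP.match(body)) if code == "O4" else None
        if m:
            items.append(m.groups())
    return items

def needs_review(entries):
    """Entries the log itself marks '(file missing)' or lists with a '?' target."""
    return [(c, b) for c, b in entries
            if b.endswith("(file missing)") or b.endswith("= ?")]

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for loc, name, cmd in autoruns(entries):
        print(f"{loc:15} {name:40} {cmd}")
    for code, body in needs_review(entries):
        print("REVIEW", code, body)
```
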
octave440
2006-12-22, 14:47
Thank you again for all your help. Your instructions were all very clear and my problems with them were close to none. I'll scan again with HJT and see if my computer breaks the sound barrier. :)
teacup61
2006-12-23, 22:27
You're most welcome. :)
Take care!
tea
Glad we could help. As the problem appears to be resolved, this topic has been archived. Happy New Year. :)
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.