Yep, new guy. Same old, same old.

[octave440]

If I knew anything, this site would be great. I'm assuming.

I know very little about computers. This site is full of "DO NOT POST HERE/ DON'T DO THIS..." warnings, so I don't know what's going on. I've got Spybot S&D (free version) and it detects (and doesn't delete) Altnet and Newdotnet, which I'm assuming are causing my service to occasionally stop (IE has encountered a problem...) I saw similar posts but they didn't match my problems to a T.

So I guess I'll take the computer to a computer repairman. So my questions:

How much will this cost? Are there any sites which never get viruses/spyware? Should I constantly delete my cookies, or constantly empty my recycle bin? Should I delete anything unnecessary? Anything at all is appreciated.

Simple questions yield simple answers, so don't get too technical please.

Thanks much in advance.

 

[teacup61]

Hello octave440,

Welcome to Safer Networking Forums

I understand your frustration here. If you'd like to give it a whirl before you take it to a repair shop, I'll help you, and I promise not to get any more technical than I have to,

* Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Regards,
tea

 

[octave440]

Thanks in advance!

--------

Logfile of HijackThis v1.99.1
Scan saved at 11:08:32 AM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...9kRSjpb13oOk5UVTq342xCL/Yd+o/KwNAPWZTHwDxdy0=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.altnet.com/as/frame-reunion.htm?email=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145633621482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145633679998
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)

----------

 

[teacup61]

Hello,

Before beginning, you may want to save these instructions to Notepad or print them out for easier reference.

First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:

· From a computer that has Internet access (yours in this case), click on the following link:
http://www.new.net/support/uninstall6_90.exe.
· Download and save uninstall6_90.exe to the Desktop.
· Go to the Desktop and double-click on uninstall6_90.exe
· Click on the OK button.
· After removal, you may be prompted to reboot. Please reboot even if not prompted.

Please download, install, and update AVG Anti-Spyware (formerly Ewido)

1. Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
2. After the update finishes (the status bar at the bottom will display "Update successful")
3. Close AVG. Do not run it yet.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.altnet.com/as/frame-reunion.htm?email=
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Delete the following folder:

C:\Program Files\NewDotNet

• In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
• AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
• Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
• Restart back into Normal Mode.

In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running.

Thanks,
tea

 

[octave440]

I understood your directions very well. Before this thread, my Internet access would close whenever I closed a window, and now after following your directions, it is not doing that. (Excellent.) A few notes however:

When I reached "Delete the following folder: C:\Program Files\NewDotNet", I could not find that folder in the Program Files.

Also, when AVG scanned my computer, the window reached out further than my screen allowed (couldn't see the minimize/close buttons), so when it finished, I saved the report, pulled up the Windows Task Manager, and made the screen viewable. Then I found the words on the "Apply All Actions" button to be subdued (unclickable, light gray letters). Consequently, "All actions have been applied" could not be found anywhere. I don't know if these notes are relevant, but better safe than sorry.


(AVG report and HiJackthis log to follow)

 

[octave440]

AVG Report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:25:55 PM 12/19/2006

+ Scan result:



C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056560.dll -> Adware.404Search : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056534.exe -> Adware.Altnet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056535.dll -> Adware.Altnet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056536.dll -> Adware.Altnet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056537.dll -> Adware.Altnet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056538.exe -> Adware.Altnet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056540.dll -> Adware.Altnet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056541.dll -> Adware.Altnet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056542.dll -> Adware.Altnet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056558.exe -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Ignored.
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Ignored.
C:\kazaa_setup.exe -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\ADM.ADM.1 -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\ADM.ADM\CLSID -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\ADM.ADM\CurVer -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Ignored.
C:\Program Files\TBONBin -> Adware.BetterInternet : Ignored.
C:\Program Files\TBONBin\tboninst.cfg -> Adware.BetterInternet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056544.dll -> Adware.BrilliantDigital : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0055016.dll -> Adware.Comet : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1068 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1074 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4492 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4496 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4543 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1053 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1074 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1068 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1074 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1116 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1524 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1553 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1641 -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Ignored.
C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL -> Adware.IESearch : Ignored.
C:\Program Files\filesubmit\serenityfairy.zip\NNWDAC638.EXE -> Adware.NewDotNet : Ignored.
C:\Program Files\filesubmit\sleepyhead.zip\NNWDAC638.EXE -> Adware.NewDotNet : Ignored.
C:\Program Files\filesubmit\vangoghs_starrynight.zip\NNWDAC638.EXE -> Adware.NewDotNet : Ignored.
C:\RECYCLER\S-1-5-21-746137067-308236825-725345543-1004\Dc123.zip\NNWDAC638.EXE -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0054989.dll -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0054990.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0054991.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0055050.dll -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP173\A0055435.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP173\A0055448.dll -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP195\A0056465.dll -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056545.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056546.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056562.exe -> Adware.NewDotNet : Ignored.
C:\WINDOWS\NDNuninstall7_44.exe -> Adware.NewDotNet : Ignored.
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Ignored.
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056549.DLL -> Adware.P2PNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056550.exe -> Adware.P2PNet : Ignored.
C:\WINDOWS\SYSTEM32\P2P Networking v1262.cpl -> Adware.P2PNet : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP170\A0055074.exe -> Adware.Relevant : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056519.exe -> Adware.Relevant : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP168\A0054412.dll -> Adware.RK : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP168\A0054413.exe -> Adware.RK : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0055053.exe -> Adware.RK : Ignored.
C:\Program Files\RXToolBar -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\HTML -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\HTML\content.htm -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\HTML\main.htm -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\RXToolBar.dll -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\graphics -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\graphics\additional.gif -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\graphics\additional_active.gif -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\graphics\background.jpg -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\graphics\blue_hr_horz.GIF -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\graphics\gray_hr_horz.GIF -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\graphics\thumbtack.gif -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\graphics\thumbtack_active.gif -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\graphics\thumbtack_click.gif -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\rx.xml -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\rxtoolbar.cfg -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\rxwebsearches.xsl -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\sfcont.bin -> Adware.RXToolbar : Ignored.
C:\Program Files\RXToolBar\sfcont.dll -> Adware.RXToolbar : Ignored.
C:\Program Files\filesubmit\serenityfairy.zip\VVSNInst.exe -> Adware.SaveNow : Ignored.
C:\Program Files\filesubmit\sleepyhead.zip\VVSNInst.exe -> Adware.SaveNow : Ignored.
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareBot -> Adware.SpywareBot : Ignored.
C:\Documents and Settings\Allen\Local Settings\Temporary Internet Files\Content.IE5\WYOGFR74\pop[1].htm -> Downloader.IstBar.ai : Ignored.
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP164\A0053055.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Desktop\MISC. DESKTOP STUFF\Unused Desktop Shortcuts\GTR PRO\zzmonmon.zip/test33.exe -> Logger.Alexa.a : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@saxosouthbend.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@wpni.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@redir.adengage[2].txt -> TrackingCookie.Adengage : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@adjuggler[1].txt -> TrackingCookie.Adjuggler : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adtech[2].txt -> TrackingCookie.Adtech : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@burstnet[2].txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@com[1].txt -> TrackingCookie.Com : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@downloaditnow.com.37807.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.
C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@as-us.falkag[2].txt -> TrackingCookie.Falkag : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@as-us.falkag[1].txt -> TrackingCookie.Falkag : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@stat.onestat[1].txt -> TrackingCookie.Onestat : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@overture[2].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@perf.overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@revenue[1].txt -> TrackingCookie.Revenue : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@edge.ru4[1].txt -> TrackingCookie.Ru4 : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@trafic[1].txt -> TrackingCookie.Trafic : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.
C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.


::Report end

 

[octave440]

Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 2:39:55 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program

Files\Google\GoogleToolbarNotifier\1.2.908.5008

\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqimzone.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program

Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqSTE08.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ycomp/defaults

/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ycomp/defaults

/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

http://as.starware.com/dp/search?x=wKX1ILEOi+Vh

7AfA98Gm4Me69ZMbubcDqLpVXxUyHVo7XjsdactitfcVOlG

eBBOUweMwdAgpRjQQ2B6Ch5qayxUeBllM+pc5eNlvbHNNsY

fQR2vJC9AO8RXEnBSKRPH5U/bWJ/m7D/sgUC+DsKLGxiS/5

YhmPFL9kRSjpb13oOk5UVTq342xCL/Yd+o/KwNAPWZTHwDx

dy0=
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ycomp/defaults

/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpywareBot] C:\Program

Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [Microsoft Works Portfolio]

C:\Program Files\Microsoft Works\WksSb.exe

/AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update

Detection] C:\Program Files\Common

Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update]

C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader]

"C:\Program Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe"

-quiet
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.908.5008

\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed

Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging

Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast

Start.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk =

C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar

Reminders.lnk = ?
O9 - Extra button: Yahoo! Services -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file

missing)
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file

missing)
O9 - Extra button: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger

- {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL]

International*
O16 - DPF:

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

(YInstStarter Class) - C:\Program

Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5

Controls/en/x86/client/wuweb_site.cab?114563362

1482
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/

V5Controls/en/x86/client/muweb_site.cab?1145633

679998
O20 - Winlogon Notify: WgaLogon -

C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj -

{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard -

Anti-Malware Development a.s. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server

(Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc)

- GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) -

GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service

(NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite

Firewall (RP_FWS) - Unknown owner - C:\Program

Files\Verizon\Verizon Internet Security

Suite\fws.exe (file missing)


----------

Thanks again!

 

[teacup61]

Hello,

Good to know about the connection. After running the uninstaller the program was most likely removed.

Open AVG, click the settings tab at the top, click apply all actions, then choose clean (quarantine). Run AVG again. This time all those entries should be fixed. Please post the report in your reply, along with a new HijackThis log.

The current formatting of your log makes it difficult to read. Please open Notepad:
On top, click Format >uncheck Word Wrap.

Let me know how it's running.

Thanks,
tea

 

[octave440]

AVG report (part 1 of 2), Hijackthis log to follow (both with unchecked Wordwrap):

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:41:51 PM 12/19/2006

+ Scan result:



C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056560.dll -> Adware.404Search : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056534.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056535.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056536.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056537.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056538.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056540.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056541.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056542.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056558.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\kazaa_setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM.ADM.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM.ADM\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM.ADM\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\TBONBin\tboninst.cfg -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056544.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0055016.dll -> Adware.Comet : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4492 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4496 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4543 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1053 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1116 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1524 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1553 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1641 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\serenityfairy.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\sleepyhead.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\vangoghs_starrynight.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-746137067-308236825-725345543-1004\Dc123.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0054989.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0054990.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0054991.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0055050.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP173\A0055435.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP173\A0055448.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP195\A0056465.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056545.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056546.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056562.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_44.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-308236825-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056549.DLL -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056550.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\P2P Networking v1262.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP170\A0055074.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP196\A0056519.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP168\A0054412.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP168\A0054413.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP169\A0055053.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\HTML -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\HTML\content.htm -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\HTML\main.htm -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\RXToolBar.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Cleaned with backup (quarantined).

(more to follow...)

 

[octave440]

AVG Part 2

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\additional.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\additional_active.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\background.jpg -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\blue_hr_horz.GIF -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\gray_hr_horz.GIF -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\thumbtack.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\thumbtack_active.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\graphics\thumbtack_click.gif -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\rx.xml -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\rxtoolbar.cfg -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\rxwebsearches.xsl -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\sfcont.bin -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\sfcont.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\serenityfairy.zip\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\sleepyhead.zip\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareBot -> Adware.SpywareBot : Cleaned with backup (quarantined).
C:\Documents and Settings\Allen\Local Settings\Temporary Internet Files\Content.IE5\WYOGFR74\pop[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4FB9DA42-AD58-4A35-853E-F5F901CC6531}\RP164\A0053055.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Allen.USER-13D660B87E\Desktop\MISC. DESKTOP STUFF\Unused Desktop Shortcuts\GTR PRO\zzmonmon.zip/test33.exe -> Logger.Alexa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@saxosouthbend.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@wpni.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@redir.adengage[2].txt -> TrackingCookie.Adengage : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@downloaditnow.com.37807.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Local Settings\Temp\Cookies\allen@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

(Hijackthis log to follow)

 

[octave440]

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 9:43:27 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...9kRSjpb13oOk5UVTq342xCL/Yd+o/KwNAPWZTHwDxdy0=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145633621482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145633679998
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)

------

And that's it. :

I think. :sad:

 

[teacup61]

Hello,

Excellent job.:bigthumb: I sure can see why you were so frustrated. You forgot to tell me something, though....how is it running? I'd like to have another scan, please. This one is an online scan for viruses, different from AVG.

Perform an onlinescan with panda: (please use this scanner instead of any other scanner!)
Panda Online http://www.pandasoftware.com/products/activescan.htm
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report in your next reply together with a fresh HijackThis log.

Thanks,
tea

 

[octave440]

New Scan, Part 1

Incident Status Location

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allen\Local Settings\Temp\Cookies\allen@dist.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@atwola[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@bravenet[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@fortunecity[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@realmedia[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@tribalfusion[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Allen.USER-13D660B87E\Cookies\allen@www48.seeq[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@ad.yieldmanager[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@burstnet[1].txt

 

[octave440]

New Scan, Part 2

Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@c.enhance[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@com[2].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@counter.sexsuche[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@dist.belnk[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@fe.lea.lycos[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@offeroptimizer[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@searchportal.information[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@toplist[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@www.advnt01[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@www.burstbeacon[2].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@www.seeq[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Cindy Shepherd\Cookies\cindy shepherd@xiti[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\User\Cookies\user@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\User\Cookies\user@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\User\Cookies\user@adrevolver[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\User\Cookies\user@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\User\Cookies\user@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\User\Cookies\user@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\User\Cookies\user@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\User\Cookies\user@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\User\Cookies\user@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\User\Cookies\user@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\User\Cookies\user@azjmp[1].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\Documents and Settings\User\Cookies\user@bestoffersnetworks[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\User\Cookies\user@bluestreak[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\User\Cookies\user@btg.btgrab[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\User\Cookies\user@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\User\Cookies\user@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\User\Cookies\user@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\User\Cookies\user@cgi-bin[3].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\User\Cookies\user@cliks[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\User\Cookies\user@cs.sexcounter[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\User\Cookies\user@desktop.kazaa[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\User\Cookies\user@did-it[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\User\Cookies\user@ehg-dig.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\User\Cookies\user@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\User\Cookies\user@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\User\Cookies\user@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\User\Cookies\user@i.screensavers[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\User\Cookies\user@kmpads[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\User\Cookies\user@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\User\Cookies\user@microsofteup.112.2o7[1].txt
----

(more to follow)

 

[octave440]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User\Cookies\user@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User\Cookies\user@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\User\Cookies\user@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\User\Cookies\user@revenue[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\User\Cookies\user@rn11[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\User\Cookies\user@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\User\Cookies\user@serving-sys[1].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\User\Cookies\user@sexlist[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\User\Cookies\user@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\User\Cookies\user@statse.webtrendslive[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\User\Cookies\user@target[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\User\Cookies\user@tickle[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\User\Cookies\user@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\User\Cookies\user@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt
Spyware:Cookie/Adlandpro Not disinfected C:\Documents and Settings\User\Cookies\user@www.adlandpro[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\User\Cookies\user@www.burstbeacon[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\User\Cookies\user@www3.addfreestats[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\User\Cookies\user@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\User\Cookies\user@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\User\Cookies\user@zedo[2].txt
Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\User\Local Settings\Temp\asmfiles.cab
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\User\Local Settings\Temp\p2psetup.exe
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0PEVOPIN\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0PEVOPIN\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\217KP8BA\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\8BBNISL1\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B3DJ3TSW\popup[1].htm
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\2.bin\N2PLUGIN.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\2.bin\NPND2FN.DLL
Potentially unwanted tool:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
-----
(end of this scan)

(HIjackthis log to follow)

 

[octave440]

New HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 12:04:54 PM, on 12/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...9kRSjpb13oOk5UVTq342xCL/Yd+o/KwNAPWZTHwDxdy0=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145633621482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145633679998
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)

---

(end of HJT)

My computer seems to working well. I noticed "hacking toolkits" found by the Panda scan. I hope that's not as bad as it sounds.

 

[teacup61]

Hello,

Thanks for letting me know.

Please enable viewing of hidden files as follows:
1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked.

Navigate to and delete the following:
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0PEVOPIN

Also empty everything else in the Content.IE5 folder. Not the folder itself!

Rehide the hidden files and folders when you're done by reversing the process.

I'd like to see an uninstall list please.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks,
tea

 

[octave440]

Although I was able to delete the contents of Content.IE5, I could not access or delete C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0PEVOPIN.

 

[teacup61]

Hello,

All right. Please post the uninstall list, and we'll take care of that entry next post.

 

[octave440]

Uninstall List

Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
AVG Anti-Spyware 7.5
AVG Free Edition
CivCity
EverQuest Platinum
GameShadow
Guitar Pro 4
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hoyle Table Games 2004
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 6.0
HP Photosmart Cameras 6.0
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.0
Kazaa 3.2.3
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
NVIDIA Drivers
Panda ActiveScan
RelevantKnowledge
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
sleepyhead.zip
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
vangoghs_starrynight.zip
Verizon Online Help & Support
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar

-----------

Thanks for your patience.