Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer lags and Pandascan found a virus(W32/Oscarbot.IF.worm)

Started by frozenthunder , Dec 04 2006 05:54 AM

  • This topic is locked This topic is locked

#1
frozenthunder
Posted 04 December 2006 - 05:54 AM

frozenthunder

    Member

  • Member
  • PipPipPip
  • 140 posts
Hello there,

I couldnt switch on my computer for a while today so im posting for help here. Below are the required logs, sorry about the AVG/Ewido log...there is something wrong with the font that creates a box between every letter...

SUPERAntiSpyware Scan Log
Generated 12/04/2006 at 04:50 PM

Application Version : 3.3.1020

Core Rules Database Version : 3141
Trace Rules Database Version: 1157

Scan type : Complete Scan
Total Scan Time : 00:34:42

Memory items scanned : 451
Memory threats detected : 0
Registry items scanned : 6004
Registry threats detected : 13
File items scanned : 12423
File threats detected : 0

Adware.Toolbar888
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#UninstallString
HKCR\MyToolBar.MyToolBarObj
HKCR\MyToolBar.MyToolBarObj\CLSID
HKCR\MyToolBar.MyToolBarObj\CurVer
HKCR\MyToolBar.MyToolBarObj.1
HKCR\MyToolBar.MyToolBarObj.1\CLSID
HKLM\Software\Classes\MyToolBar.MyToolBarObj
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CLSID
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CurVer
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1\CLSID

panda scan

Incident Status Location

Adware:adware/maxifiles Not disinfected c:\program files\common files\InetGet
Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt[.com.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt[.kinghost.com/]
Hacktool:Hacktool/Hammer Not disinfected C:\Documents and Settings\Owner\Desktop\New Folder\HLC.EXE
Hacktool:Hacktool/Hammer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for logo creator.zip\HLC.EXE
Hacktool:Hacktool/Hammer Not disinfected C:\Documents and Settings\Owner\My Documents\My Completed Downloads\logo creator.zip[HLC.EXE]
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Virus:W32/Oscarbot.IF.worm Disinfected C:\microsofts.com.exe
Adware:Adware/Lop Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.130
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.043

Logfile of HijackThis v1.99.1
Scan saved at 7:47:24 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Windows\system32\HpSrvUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\FilmLoop Player\FilmLoop.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Steam-Down\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Murasu Systems\Anjal2000\anjal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackt\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.124.2.15:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [IE Accelerator] D:\chess\Booster\IEAccelerator.exe /Auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam-Down\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Murasu Anjal.lnk = C:\Program Files\Murasu Systems\Anjal2000\anjal.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149309271765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149309252640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC730F80-6B54-47FF-B600-F00C5DA73C4B}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements

#2
frozenthunder
Posted 04 December 2006 - 05:57 AM

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
_
_A_V_G_ _A_n_t_i_-_S_p_y_w_a_r_e_ _-_ _S_c_a_n_ _R_e_p_o_r_t_
_
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
_
_
_
_ _+_ _C_r_e_a_t_e_d_ _a_t_:_ _3_:_4_4_:_5_4_ _P_M_ _1_2_/_4_/_2_0_0_6_
_
_
_
_ _+_ _S_c_a_n_ _r_e_s_u_l_t_:_ _
_
_
_
_
_
_
_
_C_:_\_P_r_o_g_r_a_m_ _F_i_l_e_s_\_D_A_E_M_O_N_ _T_o_o_l_s_\_S_e_t_u_p_D_T_S_B_._e_x_e_ _-_>_ _A_d_w_a_r_e_._S_a_v_e_N_o_w_ _:_ _C_l_e_a_n_e_d_._
_
_C_:_\_P_r_o_g_r_a_m_ _F_i_l_e_s_\_T_o_o_l_B_a_r_8_8_8_ _-_>_ _A_d_w_a_r_e_._S_o_f_t_o_m_a_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_C_:_\_P_r_o_g_r_a_m_ _F_i_l_e_s_\_T_o_o_l_B_a_r_8_8_8_\_M_y_T_o_o_l_B_a_r_._d_l_l_ _-_>_ _A_d_w_a_r_e_._S_o_f_t_o_m_a_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_C_:_\_P_r_o_g_r_a_m_ _F_i_l_e_s_\_T_o_o_l_B_a_r_8_8_8_\_U_n_i_n_s_t_._e_x_e_ _-_>_ _A_d_w_a_r_e_._S_o_f_t_o_m_a_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_5_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_4_7_r_e_a_l_m_e_d_i_a_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._1_7_0_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_3_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._6_0_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_1_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_3_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_0_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_1_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._9_0_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._9_1_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._9_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._9_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._9_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_7_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_8_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_8_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_8_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_9_0_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._5_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._5_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._6_1_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_v_i_v_a_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_t_d_m_t_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._1_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._C_o_m_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._1_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._D_o_u_b_l_e_c_l_i_c_k_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._5_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._F_a_s_t_c_l_i_c_k_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._4_5_0_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._G_a_m_e_r_s_h_e_l_l_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._4_5_1_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._G_a_m_e_r_s_h_e_l_l_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._4_5_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._G_a_m_e_r_s_h_e_l_l_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._4_5_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._G_a_m_e_r_s_h_e_l_l_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._3_5_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._3_5_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._3_5_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._4_4_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._5_2_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._6_4_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._7_4_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_9_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._8_9_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._9_0_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._9_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._9_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._9_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._1_7_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_o_t_l_o_g_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_5_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._O_v_e_r_t_u_r_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_5_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._O_v_e_r_t_u_r_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_5_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._O_v_e_r_t_u_r_e_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._1_9_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._R_u_4_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._1_9_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._R_u_4_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._1_9_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._R_u_4_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._1_9_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._R_u_4_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._4_4_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._S_p_y_l_o_g_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._6_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._S_t_a_t_c_o_u_n_t_e_r_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._6_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._S_t_a_t_c_o_u_n_t_e_r_ _:_ _C_l_e_a_n_e_d_._
_
_:_m_o_z_i_l_l_a_._2_8_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._V_a_l_u_e_c_l_i_c_k_ _:_ _C_l_e_a_n_e_d_._
_
_
_
_
_
_:_:_R_e_p_o_r_t_ _e_n_d_
_
_
_
_
  • 0

#3
andydf
Posted 10 December 2006 - 12:41 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi, frozenthunder

Sorry about the delay in replying to your post, the forums have been very busy lately. As it's been a few days since your origional post, please could you post a new HJT log for me to see.

If you have resolved your issues, please let us know.

Andy :whistling:
  • 0

#4
frozenthunder
Posted 10 December 2006 - 06:59 PM

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
this is my new logfile as follows...im not too sure if im still infected or anything, because i think i remember days when my computer ran faster. Or maybe its just my imagination as pandascan said it removed the file the last time. thanks for the help. :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 8:51:00 AM, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Windows\system32\HpSrvUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\FilmLoop Player\FilmLoop.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Steam-Down\Steam.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Murasu Systems\Anjal2000\anjal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\hijackt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.124.2.15:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [IE Accelerator] D:\chess\Booster\IEAccelerator.exe /Auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam-Down\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Murasu Anjal.lnk = C:\Program Files\Murasu Systems\Anjal2000\anjal.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149309271765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149309252640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#5
andydf
Posted 11 December 2006 - 02:24 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi frozenthunder

1.
First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Click This link for further help.

2.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

ToolBar888

Please note any other programs that you dont recognize in add/remove in your next response

Please delete these folders using Windows Explorer(if present):

C:\Program Files\ToolBar888
c:\program files\common files\InetGet
C:\Documents and Settings\Owner\Desktop\New Folder
C:\Program Files\Common Files\Totem Shared

Please delete these files using Windows Explorer(if present):
Use windows search facility if you have trouble finding these files.

ALCXMNTR.EXE
C:\Documents and Settings\Owner\My Documents\My Completed Downloads\logo creator.zip

After that, Reboot.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let me know how your system's working. :blink:

Andy :whistling:
  • 0

#6
frozenthunder
Posted 11 December 2006 - 10:11 PM

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
hi again =)

ok after deleting the 2 entries you stated in hijackthis and showing all hidden files and folder, i restarted in safe mode. i couldnt locate toolbar888 in remove/add programmes.

i also couldnt find
C:\Program Files\ToolBar888
&
C:\Documents and Settings\Owner\Desktop\New Folder

i deleted the other 2 folders you mentioned.

after using the search faculty i managed to find 3 files named 'ALCXMNTR.EXE' out of which one was actually in all lowercase 'Alcxmntr.exe'. i deleted all 3 into the recycle bin. i also deleted...
C:\Documents and Settings\Owner\My Documents\My Completed Downloads\logo creator.zip

however im getting an error message saying that my windows virtual paging file i too small or does not even exist. this happened before i went through your instructions today morning when i first tried starting my computer. my computer even crashed a few times at startup. i exited some of my startup icons before they startedup hoping it wouldnt crash. the error message also appeared in safe mode but my computer didnt crash then. im still getting the message after deleting the files mentioned. sorry if im being vague.

the hjt log is as follows...

Logfile of HijackThis v1.99.1
Scan saved at 12:04:46 PM, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Windows\system32\HpSrvUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\FilmLoop Player\FilmLoop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Murasu Systems\Anjal2000\anjal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.124.2.15:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [IE Accelerator] D:\chess\Booster\IEAccelerator.exe /Auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam-Down\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Murasu Anjal.lnk = C:\Program Files\Murasu Systems\Anjal2000\anjal.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149309271765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149309252640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#7
andydf
Posted 12 December 2006 - 02:44 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi frozenthunder

Have a look HERE follow the instructions and let me know if it makes any difference.

Andy :whistling:
  • 0

#8
frozenthunder
Posted 12 December 2006 - 07:34 PM

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
hi again,

it didnt really work. it worked the first time i restarted my system. however, the error message kept popping up at the welcome screen on subsequent tries.
  • 0

#9
andydf
Posted 13 December 2006 - 10:13 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Can you tell me how much memory your PC has, also have you ever defragged your hard drive?
  • 0

#10
frozenthunder
Posted 13 December 2006 - 09:26 PM

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
704 mb RAM
ive defragged it but not in the last 3-4 months

and the virtual memory error message did not show up today when i switched on my computer although it took 2-3 minutes to get past the welcome screen.
  • 0

Advertisements

#11
andydf
Posted 14 December 2006 - 02:03 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
I'd like you to update either AVG Antispyware or SuperAntispyware (or both)

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open either of the two programs (you can scan with both if you wish) and perform a full system scan. Do not open any windows/programs for the duration of the scan.
Post the log it creates in your reply.

Andy :whistling:
  • 0

#12
frozenthunder
Posted 15 December 2006 - 06:20 PM

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
i did a super anti spyware scan as well but i didnt know how to save the results. it detected 1 trakcking cookie with 9 items. this is the avg scan report.


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
_
_A_V_G_ _A_n_t_i_-_S_p_y_w_a_r_e_ _-_ _S_c_a_n_ _R_e_p_o_r_t_
_
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
_
_
_
_ _+_ _C_r_e_a_t_e_d_ _a_t_:_ _9_:_3_3_:_5_4_ _P_M_ _1_2_/_1_5_/_2_0_0_6_
_
_
_
_ _+_ _S_c_a_n_ _r_e_s_u_l_t_:_ _
_
_
_
_
_
_
_
_C_:_\_S_y_s_t_e_m_ _V_o_l_u_m_e_ _I_n_f_o_r_m_a_t_i_o_n_\___r_e_s_t_o_r_e_{_F_C_7_B_5_4_9_B_-_A_9_D_B_-_4_F_6_5_-_8_D_9_B_-_B_1_6_5_C_7_F_A_B_2_D_5_}_\_R_P_2_6_3_\_A_0_1_1_9_6_4_4_._e_x_e_ _-_>_ _A_d_w_a_r_e_._S_a_v_e_N_o_w_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_C_:_\_S_y_s_t_e_m_ _V_o_l_u_m_e_ _I_n_f_o_r_m_a_t_i_o_n_\___r_e_s_t_o_r_e_{_F_C_7_B_5_4_9_B_-_A_9_D_B_-_4_F_6_5_-_8_D_9_B_-_B_1_6_5_C_7_F_A_B_2_D_5_}_\_R_P_2_6_3_\_A_0_1_1_9_6_4_5_._d_l_l_ _-_>_ _A_d_w_a_r_e_._S_o_f_t_o_m_a_t_e_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._3_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._3_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._8_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._8_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._8_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._9_0_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_C_o_o_k_i_e_s_\_o_w_n_e_r_@_a_d_r_e_v_o_l_v_e_r_[_1_]_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_r_e_v_o_l_v_e_r_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_C_o_o_k_i_e_s_\_o_w_n_e_r_@_a_t_d_m_t_[_2_]_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_t_d_m_t_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._1_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._C_o_m_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_C_o_o_k_i_e_s_\_o_w_n_e_r_@_c_o_m_[_1_]_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._C_o_m_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_C_o_o_k_i_e_s_\_o_w_n_e_r_@_d_o_u_b_l_e_c_l_i_c_k_[_1_]_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._D_o_u_b_l_e_c_l_i_c_k_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._1_0_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._1_0_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._1_0_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._H_i_t_b_o_x_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_C_o_o_k_i_e_s_\_o_w_n_e_r_@_a_d_s_._p_o_i_n_t_r_o_l_l_[_2_]_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._P_o_i_n_t_r_o_l_l_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_C_o_o_k_i_e_s_\_o_w_n_e_r_@_q_u_e_s_t_i_o_n_m_a_r_k_e_t_[_2_]_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._Q_u_e_s_t_i_o_n_m_a_r_k_e_t_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._7_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._R_u_4_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._7_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._R_u_4_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._7_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._R_u_4_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_:_m_o_z_i_l_l_a_._7_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_b_d_e_o_7_6_o_8_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._R_u_4_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_C_o_o_k_i_e_s_\_o_w_n_e_r_@_e_d_g_e_._r_u_4_[_1_]_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._R_u_4_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_O_w_n_e_r_\_C_o_o_k_i_e_s_\_o_w_n_e_r_@_s_e_r_v_i_n_g_-_s_y_s_[_2_]_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._S_e_r_v_i_n_g_-_s_y_s_ _:_ _N_o_ _a_c_t_i_o_n_ _t_a_k_e_n_._
_
_
_
_
_
_:_:_R_e_p_o_r_t_ _e_n_d_
_
_
_
_
  • 0

#13
andydf
Posted 16 December 2006 - 09:05 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi frozenthunder

Well it looks like only cookies were found, these can be dealt with using ATFCleaner.
How is your system running, are you still getting virtual memory messages?

andy :whistling:
  • 0

#14
frozenthunder
Posted 16 December 2006 - 07:43 PM

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
the memory message still appears. however, my computer appears to be running slightly faster today...
  • 0

#15
andydf
Posted 17 December 2006 - 02:14 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi frozenthunder

Can you boot into safe mode and perform a Defrag of your hard drive.

While in Safemode
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and past the StartupList from the notepad into your next post
Also can you tell me how much free space you have on your hard drive? You can do this by going to my computer and right clicking your C drive then select properties.

Andy :whistling:

Edited by andydf, 17 December 2006 - 02:17 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP